Access Management

We have 2 SP's where MFA is required to use within the SAML method. However, because HelloID does not support MFA in the Authentication Method (only pwd is supported), the SP is redirecting users back to HelloID which sends users back to the SP. Because of this, users are being putted in a loop and are not able to login. Please support the MFA authentication method in SAML (amr claim), so users are able to login to SP's which require this option.

We would like the employee to be able to change his/her password and have it written back to the AD immediately. Even if a password has expired. HelloID is the start of every employee, but changing a simple password is not possible. Please help.

In the edit users screen there is an option to generate a QR code. For customers who do not use the QRcode to login option this sometimes leads to confusion with the QR code for the MFA app. We would like this QRcode field to be made invisible if the option to log in with it is disabled.

From the July 2025 release we will deprecate the QR code login functionality. This means that QR code login can no longer be enabled on new tenants and tenants for which the QR code option is not enabled.

Wij willen graag ons LMS, gebaseerd op Totara, koppelen aan HelloID. Kunnen jullie hiervoor een connector ontwikkelen?

To better comply with licensing and data restrictions. It would nice if the Active Directory sync could limit users synced not only by OU but by group membership and/or attribute value.

When a user logs in to HelloID through the AD IdP, and must change their AD password, they are forced to do so. However, no complexity requirements are displayed. This can present problems for organizations that enforce complexity requirements, resulting in helpdesk calls from confused end users who have trouble setting a new password.

It would be very useful to be able to upload a transparent company icon. It can blend in with the portal background color as well as the Provisioning email background color. At the moment any uploaded company is converted to a JPG which doesn't support transparency. Weird, because the default (ID) icon is a PNG.

I would like to be able to map a role (or group if role is not possible) to users who are created in HelloID, by a SAML IDP (JIT). Currently the SAML IDP mapping does not support mapping roles.

It would be nice to see audit data of MFA changes logged to elastic. The logging should include changes in this screen.