Important
This repository contains the connector and configuration code only. The implementer is responsible for acquiring the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
HelloID-Conn-Prov-Target-Blacklist-CSV is a target connector that writes user attribute values to a CSV-based blacklist. These values can later be used to prevent reuse, for example of `sAMAccountName`, `email`, or `UPN`.
- HelloID Agent running On-Premises
- Write access to a shared location for storing the blacklist CSV file
- Concurrent actions should be set to 1 to avoid file locking or accidental overwrites
- The CSV file should be manually created as HelloID does not create the file itself
- The client is responsible for populating the blacklist CSV with any previous data. HelloID will only manage and add the data for the persons handled by provisioning.
The following settings are required to connect to the CSV file.
Setting | Description | Mandatory |
---|---|---|
CSV File Path | Full path to the CSV file | Yes |
Delimiter | Delimiter used in the file (e.g. `,`) | Yes |
Encoding | Encoding used (e.g. `utf-8`, `ascii`) | Yes |
RetentionPeriod (days) | Retention period in days. This is the number of days the value should remain blocked after deletion. Use 999999 for no retention limit. | Yes |
The correlation configuration is not used or required in this connector.
The following lifecycle actions are available in this connector:
Action | Description | Comment |
---|---|---|
`create.ps1` | Adds account data to the blacklist CSV. A new row is added if the combination of attribute + employeeId doesn't exist, or if the attribute belongs to someone else but is outside the retention period. If the entry exists and is soft-deleted (i.e., `whenDeleted` is set), but the same person owns it and it's within the retention period, the `whenDeleted` field is cleared to reactivate the entry. | Uses account data from another system like AD or Entra ID. |
`update.ps1` | Follows the same logic as `create.ps1`. The row is either added or restored based on ownership and retention policy. | |
`delete.ps1` | Marks the value as soft-deleted by filling the `whenDeleted` field for any rows where it's still empty. | |
`checkOnExternalSystemsAd.ps1` | Verifies if attribute values exist in the blacklist. It checks the `whenDeleted` field to ensure the value is still within the retention period and determines if it should remain blocked. | Configured in the built-in AD connector. |
`configuration.json` | Contains connection settings and general configuration for the connector. | This configuration can and should be used in both the CSV target connector and the built-in AD connector. |
`fieldMapping.json` | Defines mappings between person fields and target system person account fields. | |
Column | Description |
---|---|
`employeeId` | Unique ID from source system (usually HR) |
`attributeName` | The attribute name (e.g. `userPrincipalName`, `sAMAccountName`, or `mail`) |
`attributeValue` | The attribute value to block |
`whenCreated` | Timestamp when the row was created |
`whenDeleted` | Soft-delete; if set, the row will still be validated, but only considered a match if within the retention period defined by `RetentionPeriod`. |
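The blocking decision described for `checkOnExternalSystemsAd.ps1`, sketched as an added example (this is not the connector's own code). The function name, the `;` delimiter, the ISO 8601 timestamp format and the sample rows are assumptions constructed for illustration; the column names are those in the table above.

```powershell
# Added example, not taken from the connector. Assumes whenDeleted holds an
# ISO 8601 timestamp or is empty for an active (not soft-deleted) row.
function Test-BlacklistValueBlocked {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string]   $AttributeName,
        [Parameter(Mandatory)] [string]   $AttributeValue,
        [Parameter(Mandatory)] [int]      $RetentionPeriodDays,
        [datetime] $Now = (Get-Date)
    )
    foreach ($row in $Rows) {
        # -ne is case-insensitive for strings, so 'ASmith' and 'asmith' match.
        if ($row.attributeName -ne $AttributeName -or
            $row.attributeValue -ne $AttributeValue) { continue }

        # Active row: whenDeleted is empty, the value is still in use.
        if ([string]::IsNullOrWhiteSpace($row.whenDeleted)) { return $true }

        # Soft-deleted row: only a match while inside the retention period.
        $deleted = [datetime]::Parse($row.whenDeleted, [cultureinfo]::InvariantCulture)
        if (($Now - $deleted).TotalDays -le $RetentionPeriodDays) { return $true }
    }
    return $false
}

# Constructed sample blacklist (hypothetical employees and values).
$rows = @'
employeeId;attributeName;attributeValue;whenCreated;whenDeleted
1001;mail;j.doe@example.com;2023-01-10T09:00:00;
1002;sAMAccountName;asmith;2022-05-01T09:00:00;2024-01-01T00:00:00
'@ | ConvertFrom-Csv -Delimiter ';'

$now = [datetime]'2024-06-01'   # fixed reference date so the result is repeatable

# Case 1: active row, value differs only in letter case.
Test-BlacklistValueBlocked -Rows $rows -AttributeName 'mail' `
    -AttributeValue 'J.Doe@example.com' -RetentionPeriodDays 90 -Now $now
# Case 2: soft-deleted 152 days before $now, retention 365 days.
Test-BlacklistValueBlocked -Rows $rows -AttributeName 'sAMAccountName' `
    -AttributeValue 'asmith' -RetentionPeriodDays 365 -Now $now
# Case 3: same row, retention 90 days, so the retention period has passed.
Test-BlacklistValueBlocked -Rows $rows -AttributeName 'sAMAccountName' `
    -AttributeValue 'asmith' -RetentionPeriodDays 90 -Now $now
```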
- This connector uses a local CSV file as storage and source of truth.
- The columns `whenCreated`, `whenUpdated`, and `whenDeleted` are fixed in the code. These fields are not available in fieldMapping by design.
- Multiple rows per attribute and per employee are supported.
Tip
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/