The Home page shows the number of pending changes, the current operational mode of Hyperfish, as well as your organization’s current Active Directory completion summary. Each attribute category listed under ‘Current Summary’ will jump to the relevant section when clicked.
The Approval page is accessible to all Hyperfish administrators and designated approvers. Pending changes are itemized, showing the user who submitted the change, the attribute to be updated, the previous value of the attribute, the proposed new value of the attribute, and the time of submission.
Approvers can approve or reject the changes by clicking the approve or reject button under the ‘Actions’ column. Pending changes can be filtered by clicking on the ‘By Attribute’ or ‘By User’ tabs.
If changes fail to apply, a notification is shown in the upper left hand corner, and failed instances can be shown or hidden.
The Event Log page provides a view of each action processed through Hyperfish. This includes all profile update submissions, approvals, and commits. Incremental scans, full scans, and administrative actions are also logged.
The filtering options allow for filtering of directory scans, and profile updates, by date range.
The ‘Users’ page allows administrators to search for users in Active Directory and view their Hyperfish profile pages, review email communication history, and see which Collection the user is in.
When a search term is entered, possible matches will be displayed below. Items can be expanded to quickly view user details:
Two actions can be taken from the 'Actions' column:
View User Profile - Takes you to a read-only version of the selected user's Hyperfish profile page.
View User Emails - Shows a history of emails sent to the user. Emails can be opened and previewed. This provides an easy method of verifying user experience, and confirmation that the correct message templates are being used if branding/language is different across multiple collections.
Selecting the ‘Settings’ option from the main menu will produce an additional set of menu options for configuring Hyperfish administrative settings. Make sure to click ‘SAVE’ after modifying any settings to apply the changes.
Hyperfish Mode – Allows you to change between modes of operation:
- Analysis – scans Active Directory only.
- Pilot – scans Active Directory and reaches out to designated Pilot users to collect information
- Run – scans Active Directory and reaches out to all users within the target domain or OU scope
Daily Full Scan – The Daily Full Scan section allows for configuration of full analysis scans of your Active Directory environment. Real time scans are performed every 15 minutes. Full scans are scheduled once per day. Clicking on the full scan time allows you to change the daily scan time using the time picker.
Directory Details – The Directory Details will show different details depending on your implementation type.
Directory Details for On-premises and Hybrid deployments will show:
- Domain Controller name
- Connection status and ‘Reconnect’ option
- The last successful heartbeat ping (sent every 5 minutes)
- Current Hyperfish Agent version number and a ‘Get Latest’ option
If it is necessary to move the Hyperfish Agent to a different host or re-register the current host machine, clicking the ‘Reconnect’ option will generate a new ten-digit registration code to enter to the Hyperfish Agent installer when prompted.
Clicking ‘Get Latest’ will automatically download the latest version of the Hyperfish Agent to ensure that the latest features and bug fixes are available.
Directory Details for Cloud-only deployments will show:
- The current Global Administrator account that is used to read/write from Azure Active Directory
- The email address of the current Hyperfish Administrator
Directory Scope (On-premises and Hybrid deployments only) -- Allows for customization of the Hyperfish analysis scope.
By default, Directory Scope settings are set to analyze the entire directory.
If the 'Specific Organizational Units' option is selected, Include/Exclude OU options, and diagram options become available.
An OU scope can be configured by clicking '- Exclude OUs' or '+ Include OUs'.
OUs can then be selected using the picker.
To keep track of which OUs are included/excluded, clicking 'Diagram' will produce a map of the Active Directory OU structure. Included OUs are marked green, and excluded OUs, are marked red. Inclusion/exclusion definitions are accented with a ring.
OUs can be excluded or included in Diagram Mode as well. Clicking on an OU will produce options to Exclude, Include, or Inherit:
A list of attributes will be displayed on this page. By default, all attributes will require approval. Toggling the option for auto approve for a specific attribute will allow submitted changes to that attribute to bypass the approval process. This is useful for required employee information not verifiable by the employer such as personal mobile phone numbers.
The timing section determines when an approver will receive a notification that there are pending updates they require approvals. These options include;
Immediately-Once an approval is submitted, a notification will be sent to the approver.
Daily-Once a day at a preset time a notification will be sent to the approver until the approval is approved or rejected.
Never- Approvers will not receive notifications. Instead, will need to navigate to the Admin Dashboard to check on pending approvals.
Approvers for specified attributes can be managed using the Approvers people picker.
The Attributes page is used to tailor the overall interaction between Hyperfish and Active Directory user profile attributes. To adjust the location of either a Category or Attribute, select the option and drag it to the desired location.
The Attributes feature lists all the attributes that Hyperfish can analyze, sorted by their categories.
Custom attributes in extended AD schemas can be added by clicking the ‘+ Add Attribute’ link. The name of the custom attribute is required.
Note: Custom attributes can be deleted by clicking the ‘trash’ symbol, but core attributes will not have the option to do so. The default categories provided can be removed or renamed.
Clicking on the edit button for an attribute under the ‘Actions’ column allows for modification of Display Name, Hint Text, and Format.
The ‘Display Name’ is how the attribute will be labeled on the Hyperfish Profile Update page.
‘Hint Text’ will provide end users with context and usage information for a given field on the Profile Update Page.
If 'Must Contain a Value' is toggled 'on', the field is required in the Profile Page.
Form and Hyperbot Options include:
Hidden - Hides the attribute from view on the Profile Page
Read Only - Shows the attribute on the Profile Page, but restricts users from editing the field
Editable - Users can update the value on the Profile Page
Hyperbot and Editable - Users can update the value on the Profile Page, and will receive Hyperbot notifications if the value is missing or out of format
To apply or edit the format, select the 'Validation' tab at the top.
The Formats feature displays a list of formats and allows for editing of default and custom formats.
Each attribute can have a different type of format applied to it. Custom formats require a label, description, and can be configured to use one of the following render types:
- Autocomplete - a list of options that will provide selections as the field is filled
- Dropdown - a list of options to choose from
- Number Input - allows numbers only
- Text Input - allows alphanumeric text entry
- Long Text Input - multi-line text entry
- Toggle - a true or false toggle
Profile photos are also validated upon user submission. Clicking the edit button for Profile Picture in the ‘Formats’ section will bring up the validation options.
By default, profile photos will be evaluated for:
- Racy content – excessive amounts of skin
- Adult content – nudity of any kind
- No faces – pictures of animals, cartoon characters, or inanimate objects
- Multiple faces – photos containing more than one individual’s face
Toggling the switch to ‘allow’ any of these validation options will allow the corresponding photo types to be uploaded by users.
Cascading drop-downs will provide additional functionality by allowing organizations to utilize a series of dependent attributes in either drop-down or autocomplete format that can be tied together. This provides the end user with a seamless experience when updating a set of attributes that are dependent on each other.
To create a series of cascading attributes, navigate to the Settings tab, then select 'Attribute' tab. The first step to create a set of cascading drop-down attributes will be determine a parent attribute. For this example, the goal will be to collect an office location address for a user who is part of a company with multiple office locations. As this is commonly broken up into separate attributes (Country, Street Address, City, State, Zip Code)
For this example, the parent value will be the Country attribute. Ensure the format for this attribute is either an autocomplete or drop-down format. Next, populate each option that will is available in the 'Options section show in the image below.
Once the parent value has been configured, the next step is to setup the sequence of attributes that are dependent from the parent attribute.To do this, navigate to the next attribute that needs to be populated by the end user. In this instance after Country, Street Address would be the next value. Configuration of this attribute is shown in the image below.
After selecting the edit option on the Street Address attribute, navigate to the validation tab. From there, ensure the 'Render As' option is either a drop-down or autocomplete format this format is required all attributes being used with the cascading drop-down feature. Select the ‘Options Cascade From’ and set this to the parent value (for this example, Country attribute).
Once set, navigate through each parent value option in the drop-down list and populate each value with options available. The image above, illustrates all street addresses within the United States a user can select. Once complete, save and move onto the next attribute that is planned in the sequence. Replicate this process for each attribute being used. Once completed, when the the end user navigates to their profile page they will be prompted with a wizard like the one shown below. Illustrating a series of values that need to be populated. Each attribute dependent on the attribute above it being populated first. The next image reflects what a populated example can look like. Note the lines on the right-hand side indicating how the attributes are connected. Additionally, as the end user starts to populate each field, the next field will be highlighted in red, indicating that is the next required field in the series to be populated.
The Categories feature allows for creation and management of categories that attributes are listed under on the Profile Update Page.
Clicking ‘+ Add Category’ allows for creation of new categories to add attributes to.
The label of the category can be customized and attributes can be added from a drop-down menu.
The Branding page allows for customization of the Profile Update Page. Header, header text, secondary, and accent colors can be customized with valid CSS color values. Additionally, a corporate logo can be uploaded to be displayed in the header.
The ‘Preview’ button opens a preview of the Profile Update Page with the customizations applied.
The ‘Reset’ button can be used to reset custom branding values back to default values.
Email communications from Hyperbot can be branded with a company logo in the header of the email.
The Hyperbot settings page is used to configure Hyperbot, the Hyperfish bot personality that reaches out to end-users to collect and confirm profile information.
Hyperbot can be toggled ‘On’ and ‘Off’ using the toggle switch. This can be considered a master switch for all channels of communication.
Contact Channels - Currently, there are two contact channels available for Hyperbot:
Email is the standard channel for Hyperbot communications. By default, Hyperbot will send emails as email@example.com
It is possible to configure Hyperbot emails to be sent from an internal Office 365 account. This can be configured by clicking the edit icon next to the Email channel switch:
Select 'Send from existing email account' and click 'Sign In With Office 365':
Sign in with an Office 365 Global Administrator account, then search for and select the account you wish Hyperbot communications to be sent from:
Skype for Business can also be used to send the same communication as an instant message. There are two requirements for Skype for Business messages to be sent from Hyperbot:
- Skype for Business must be configured for open federation
- Organization SIP addresses must match email addresses
Personality - The personality can be further customized to suit company culture by using the ‘Personality’ slider to adjust the tone of the interactions with users. This includes “Relaxed”, “Standard”, and “Formal” settings, with “Formal” being the most professional.
Email Customization - The language contained within Hyperbot communications can be further customized by expanding the 'Email Templates' section beneath Hyperbot Personality settings:
Custom templates can be created for the following communications:
Profile Update Communications:
First Attempt - The first attempt to contact users to ask them to update missing, invalid, or out of date directory profile information.
Reminder - Subsequent attempts to contact users to ask them to update missing, invalid, or out of date directory profile information.
Update Rejected - A profile update has been rejected by the administrator or approver.
Profile Validation Communications:
First Attempt - The first attempt to contact users to ask them to review and confirm or update their profile information.
To customize a template, click the edit button of the communication you would like to update, and the template editor will be displayed:
Modify the subject, greeting, introduction, call to action, help text, button text, and signature lines as needed. Then, click the 'PREVIEW' button to see how the email will look, or click 'SAVE' to apply the changes.
Tenacity - The Tenacity sliders allow for configuration of the frequency in which Hyperbot contacts end-users to collect profile information. The ‘Attempts’ slider configures the number of times users are contacted within the selected frequency.
Contact Channels - the contact method that Hyperbot will use to contact users with missing or incomplete information, can be toggled on and off.
Profile Validation - Profile validation helps to keep directory information fresh by reaching out to users periodically to update profile information.
The initial date and time can be set for Hyperbot to reach out to users. Subsequent validation frequency can be selected from the 'Repeats Every:' drop down. Frequency can range from 1 month to 12 months.
The validation email includes the user's current profile information and gives them either the option to Confirm the information, or to Update My Profile (which works the same as the regular profile update magic links). Upon clicking the 'Confirm' button, the user will be taken to a page letting them know that their profile information has been confirmed successfully.
Do Not Disturb - The ‘Do Not Disturb’ feature accepts email addresses of user accounts that should never be contacted by Hyperbot, e.g., users who wish to opt-out.
The Permissions settings page provides a centralized location to manage permissions in Hyperfish. This includes Pilot Users, Administrators, and Approvers.
While Hyperfish is running in ‘Pilot’ mode, a group of participants can be selected to participate in a small-scale implementation of Hyperfish. The participants receive profile update messages and have the option to update profile information through direct response, or by using the Hyperfish profile update page.
The Pilot Users people picker allows for selection of specific users to receive notifications regarding missing or inaccurate information.
Administrators are people who can log into Hyperfish and review metrics, manage settings, and conduct approvals. Users added here do not need to have access to the directory being managed.
The initial user account used to implement Hyperfish is the default initial administrator. Additional administrators can be added using the people picker. Each user added will receive an invitation once the '+ Add' button is clicked. Users can be removed from this list by clicking the red ‘trash’ icon.
Approvers receive notifications of pending approvals and can approve or reject changes. When approvers log in to the Hyperfish web portal, they will be able to see the ‘Approve’ page in addition to the self-service Profile Update Page.
Approvers can be added using the people picker. Each user added will receive an invitation once the '+ Add' button is clicked. Users can be removed from this list by clicking the red ‘trash’ icon.
With Hyperfish Collections, different settings can be applied to specific audiences of users. In hybrid and on-premises environments, Collections are defined by either organizational unit (default), or attribute value (by request). In online environments, Collections can only be attribute-based.
Collections settings can be accessed from the Collections tab in the navigation pane.
To create a collection, navigate to the 'Collections' page, and click '+Add Collection'.
Pick a name and the organizational units / attribute values that will make up the collection. Settings can be copied over from an existing collection.
Each Collection can have its own unique configurations (separate to the master settings) for:
- Required attributes
- Formatting rules
- Branding in Profile Pages and emails
Expanding a collection in the collections page will display the configuration summary for that collection.
The expanded view shows whether or not the collection inherits any configured settings from the master collection, as well as the included organizational unit(s).
Additionally, quick links to the collection's Approval, Attributes, and Branding settings pages can be accessed.
When changing settings for a collection, the collection's name is shown at the top of the settings menu. The search functionality can be used to quickly switch to settings for another collection.
If a collection's settings differ from the master collection's settings, the 'Override Master Settings' switch can be toggled to allow for customization:
When customizing attributes and formats, the 'Override Master Settings' toggle switch can be found at the item level in the edit modal dialogue:
7 PowerShell Hooks
Note: This feature applies to on-premises and hybrid Hyperfish deployments only.
Optionally, PowerShell hooks can be configured to execute custom PowerShell scripts before (pre-update) or after (post-update) attribute commission.
Two parameters are passed to the scripts:
- The AD property being updated
- The user object GUID
Some usage examples include instantly syncing profile pictures to Exchange Online or SharePoint Online user profiles, and updating SharePoint Online profile (Delve) properties (e.g., About Me, Skills, Past Projects, Schools).
To get started, an example script and implementation instructions can be found at the Hyperfish/scripts Git repository: https://github.com/Hyperfish/scripts/blob/master/PowerShellHooks/PostUpdateScript.ps1
If you have any questions around Hyperfish features and functionality, please feel free to reach out to Customer Support via email, Support@Hyperfish.com