How It Connects
HelpBot integrates with both on-premises Active Directory (via a lightweight connector agent) and Azure Active Directory (via Microsoft Graph API). The integration provides read and write access to user accounts, security groups, organizational units, and directory attributes.
For on-premises AD, a HelpBot connector agent is installed on a domain-joined server inside your network. The agent communicates with HelpBot's cloud service over an encrypted outbound connection - no inbound firewall rules required. It executes directory operations locally and reports results back to HelpBot.
For Azure AD, HelpBot uses the Microsoft Graph API with OAuth 2.0 and delegated or application permissions. The connection is configured through your Azure portal with granular permission scoping - you control exactly which directory operations HelpBot can perform.
Both connection types support hybrid environments. If your organization uses Azure AD Connect to sync between on-premises AD and Azure AD, HelpBot detects the sync direction and writes changes to the correct source to avoid synchronization conflicts.
Setup Steps
Choose Your Directory Type
In the HelpBot admin panel, go to Settings > Integrations > Active Directory. Select "On-Premises AD," "Azure AD," or "Hybrid" depending on your environment. Each option presents the appropriate setup flow.
Install the Connector (On-Premises) or Authorize API Access (Azure AD)
For on-premises AD: download and install the HelpBot connector agent on a domain-joined Windows Server. The installer configures a service account with the minimum required permissions. For Azure AD: register the HelpBot application in your Azure portal and grant Microsoft Graph API permissions for directory read/write.
Configure Automation Policies
Define which directory operations HelpBot can perform automatically and which require human approval. For example: password resets can be fully automated after identity verification, while adding users to admin groups requires manager approval through an approval workflow.
Set Up Identity Verification
Configure how HelpBot verifies user identity before executing sensitive operations. Options include multi-factor authentication challenge, manager approval, security questions, or verification through a pre-authenticated channel (e.g., the user's corporate Slack or Teams account).
Test and Go Live
Run test operations: a password reset, a group membership change, and a user lookup. Verify that audit logs capture each action with the correct user, timestamp, and operation details. Enable the integration for your support channels once testing is complete.
Key Benefits
Automated Password Resets
Password reset tickets make up 20-30% of all IT support requests. HelpBot handles them end-to-end: verify identity, reset password, deliver temporary credentials securely, and prompt the user to set a new password at next login.
Self-Service Account Unlock
When an account gets locked after failed login attempts, HelpBot can verify the user's identity and unlock the account immediately. No waiting for IT to be available. Resolution time drops from hours to seconds.
Automated User Provisioning
New hire tickets trigger automatic account creation in AD with the correct group memberships, OU placement, and mailbox provisioning. HelpBot follows templates based on department and role.
Group Membership Management
Access requests are routed through approval workflows. Once approved, HelpBot adds the user to the correct security or distribution groups. Temporary access includes automatic expiration and removal.
Offboarding Automation
When an employee departs, HelpBot executes the full offboarding checklist: disable account, remove group memberships, revoke application access, forward email, and archive the mailbox. One ticket triggers the complete workflow.
Directory Health Monitoring
HelpBot monitors AD for stale accounts, expired passwords, and orphaned group memberships. It creates proactive tickets for IT to review, keeping the directory clean without manual audits.
Automation Scenarios
Password Reset
Trigger: "I forgot my password" ticketVerify identity via MFA or manager confirmation. Generate temporary password. Deliver via secure channel. Force password change at next login. Close ticket.
New Hire Setup
Trigger: Onboarding ticket from HRCreate AD account from template. Set department, manager, title. Add to standard groups. Create mailbox. Provision application access. Notify manager when complete.
Access Request
Trigger: "I need access to [system]"Identify required AD group. Route approval to group owner or manager. On approval, add membership. Set expiration if temporary. Log access grant.
Employee Departure
Trigger: Offboarding ticket from HRDisable account on departure date. Remove all group memberships. Set email forwarding. Convert mailbox to shared. Archive home drive. Generate compliance report.
Use Cases
After a weekend password expiration, 15 employees cannot log in on Monday morning. Instead of overwhelming the IT desk, each employee messages HelpBot. Identity is verified through their authenticated mobile device. Accounts are unlocked and passwords reset within 60 seconds. IT staff arrive to find zero waiting tickets.
An employee moves from Marketing to Sales. Their manager submits a transfer request. HelpBot updates the department, manager, and OU in Active Directory. It removes Marketing group memberships, adds Sales groups, updates the email distribution lists, and adjusts application access to match the new role. The employee's access reflects their new position by the next business day.
A contractor needs VPN and SharePoint access for a 3-month project. HelpBot provisions the account with an explicit expiration date. When the date arrives, the account is automatically disabled, group memberships are removed, and a summary is sent to the project manager. No manual follow-up needed.
Before a SOC 2 audit, the security team needs a list of all admin group members, dormant accounts, and access changes in the last 90 days. HelpBot generates the reports directly from Active Directory, formatted for auditor review. What used to take 2 days of manual work takes 5 minutes.