Changelog

Follow up on the latest improvements and updates.

RSS

improved

Release 2025.10

Provisioning

Link an unmanaged account to a person

An unmanaged account in a target system can now be linked manually to a person in HelloID via the Import entitlements report.
Accounts and permissions can be imported from a target system if they are not yet managed in HelloID, but users are entitled to them according to the business rules. The
Import entitlements
report provides an overview of such accounts and permissions in a target system and now also allows to manually link accounts to persons before the import. Once imported, accounts and permissions are granted to the respective persons in HelloID, and any manually linked accounts are updated with the person's correlation value.
This enhancement replaces functionality previously provided by the Correlation report for Active Directory (AD) and Azure AD target systems. The Correlation report has been removed.
You can find the Import entitlements report in the Provisioning dashboard: go to
Business
>
Entitlements
>
Import
. To manually link an account, select the target system, click the link button next to the person, and then find and link the account.
ManuallyLinkAccountWindow-small

new

Recertification

Release 2025.10

Recertification request history

A complete history of all handled and pending recertification requests is now available through the
Recertification request history
page.
The page provides a clear overview of historical data, and makes it easy to follow up on specific recertification tasks, troubleshoot issues, and run audits.
Filter and search options make it quick to locate specific requests. New search options include the ID of the user the product was requested for, product ID, request ID, and recertification request ID.
Two new
rights
have been added for this page:
  • Recertification Management - View request history: allows viewing the page.
  • Recertification Management - Manage request history: required to retry failed product actions or mark actions as succeeded.
To access the page, go to
Recertification
>
Request history
in the Admin dashboard.
Note:
Recertification is part of the Governance module.
Recertification_RequestHistory
Important
  • Provisioning requires the newest agent for communication
Provisioning
Changed:
  • Link an Unmanaged Account to an Person in the Entitlement Import Report
Fixed:
  • Reconciliation exclusions removed when snapshot fails or has warnings
  • Removed the prefix 'Permission -' from all permissions in the business rules & reconciliation
Service Automation
Changed:
  • Recertification Request history
Fixed:
  • Multiselect doesn't work with custom labels
  • Conditional visibility works opposite as expected when relying on multiselect form component
  • Changing order of grid columns in dynamic form editor doesn't reflect properly in UI
Provisioning
Changed:
Fixed:
  • PS & Javascript editor keeps 'Loading'
  • Configuration issues no longer trigger retries for reconcilation report
  • Reconcilion retries are now visible in the UI
Service Automation
Changed:
  • Recertify improperly assigned products
Fixed:
  • Performance improvement for starting a new recertification campaign iteration with a large number of requests
  • Cannot create Dynamic Form using API when a form element in a form row depends on another element
  • Getting OpenID configuration returns CORS error
  • Changes to nested groups are not applied to products
Provisioning
Changed:
  • Reconciliation: increase limits support up to 30 million account and permission membership records.
Fixed:
  • Enforcement in error when retry grant an account after import
  • Toxic policy entitlements name are not updated even when the entilement is re-added to the business rules
  • Correlation value is empty when correlation field is part of an object like personal.employeeid on Powershell V2 Target systems
  • Blocked target system actions are not removed when an evaluation of enforcement returns no actions
  • Entitlement import not working with static entitlements which are configured via UI (not script) in Powershell V2 Target system
Service Automation
Changed:
  • Recertification Administration
Fixed:
  • Updating existing variables in HelloID variable library no longer works
  • DynamicForm corrupt after modifying 'defaultValue' property of an input field in a form row
  • Form styling for required fields are missing on some fieldtypes
  • SA agent does not use ScriptExecutionOptions from appsettings
  • Api/v1 GET products endpoint slow
  • Product show price toggle has no effect in end-user Product details UI
  • Loading Approval timeline when the logged in user is the next approver gives error
Provisioning
Fixed:
  • Audit logging of a target system change are even recorded when no change is made in case when a dependend system is selected.
  • When removing an entitlement from a business rule and selecting the unmanage option all entitlements removed from other or same business rule will also be unmanaged (until enforcement is executed) even when te revoke option is selected.
  • In the preview of import memberships an permission dropdown is shown when subpermission is chosen in the target powershell v2 system. This should not be the case because the selection of an permission does nothing for this screen and functionality.
Service Automation
Changed:
Fixed:
  • The Recertification Campaign overview does not sort correctly in HelloID Administration.
  • The Approval workflow timeline displays usernames instead of display names for pending approvers.
  • Security enhancements have been implemented for Delegated Form submissions.
Access Management
Changed:
  • Deprecated: QR Code login. Tenants using QR Code login can still use this feature for new tenants and tenants not using this functionality this feature is not available.

new

Reconciliation

Recertification

Release 2025.06

June 2025

Provisioning
Changed:
  • Reconciliation for PowerShell v2 target system. With this you can create a reconciliation report and take action for Powershell v2 target systems. Assuming the target system has the capabilitie to read all accounts & permissions. Currently we support the processing of up to 3 million records for reconciliation. This limit includes records from all configured systems (Powershell v2 and Active Directory).
Fixed:
  • Reconciliation when starting an exclude action with the exclude related permissions toggle enabled could result in duplicate actions and exclusions
  • Reconciliation when starting an exclude action on account issues with the exclude related permissions toggle enabled will now display the correct number of actions
  • Reconciliation when starting a bulk action for actions that are already locked the bulk action will never finish and show incorrect counts
  • Reconciliation when retrieving account data for an issue results in an error the old account data is shown
  • Filtering on date account field in reconciliation report or excludes doesn't work
  • Reconciliation when there are multiple persons with the same reference for an account, the permission issues where not always checked against the correct person
Service Automation
Changed:
  • Display campaign iteration progression information
  • Distinguishing recertification campaign types in UI
  • Recertification request state filter in Insights details overview
Fixed:
  • Icons do not render in GitHub readme
  • Can not approve a recertification as a delegated approver
  • PowerShell Script editor not shown when creating or editing a Delegated Form (hotfix)

new

Reconciliation

Release 2025.05

Recertification

May 2025

Important
Provisioning
Changed:
  • Reconciliation: Remove exclusions in bulk.
  • Increase field mapping name limit to 100 characters for both the Active Directory Target System & Powershell v2 Target system
Fixed:
  • Clicking the account tab in the PowerShell Target system could generate an audit log entry, even if no changes were made.
  • A person merge was left in limbo when the merge occurred without creating a snapshot, and the main person was missing in the subsequent import.
Service Automation
Changed:
  • Bulk selection for recertification requests
  • Periodic reminder email of open recertification requests
Fixed:
  • Missing "Product details" and "Request details" headers in request details side slide-in for My Products, Recertifcation Requests and Recertification Insights
  • Clicking "open request" in Admin > Self Service > Administration goes to request history overview instead of specific request details
  • Delegated Form submission results in the notification center are not translated
  • Navigation buttons padding is incorrect when requesting a product
  • Incorrect icon position in task execution tab on Request History page
  • Updated the product ownership limit message to improve clarity for end-users
  • Approval workflow preview is visible when requesting a product while "Show anticipated approvers" is turned off
  • Bulk recertification approval with time limit shows incorrect numbers (hotfix)
  • Recertification: new open requests email after iteration calculated not sent (hotfix)
Important
  • Provisioning requires the newest agent for communication
  • New item on domain whitelist cdn.helloid.cloud (scheduled for rollout with the May release please add before this release)
Provisioning
Changed:
  • Cancel running enforcement/actions. Allows to cancel an enforcement and all their action (with exception of the actions for which the script is already executing on the agent (onpremises/cloud))
  • Show powershell target import validation errors. Helps with detecting issues when importing target data.
  • In PSv2 Target systems, we have adjusted output filtering based on the fields defined in the mapping. Previously, we accepted any data type. However, this could lead to unexpected behavior when storing the data. To prevent this, we fixed some inconsistencies and we show a warning in preview when the data type isn't something we expect to be returned.
  • In PSv2 Target systems, 'mapping none' fields are no longer present in actionContext.Data but can still be found in outputContext.Data. This distinction allows us to differentiate between a 'mapping none' field and a field whose mapped source has a null value. A 'mapping none' field should be absent from actionContext.Data, whereas a field with a mapped source that holds a null value will still be present.
Fixed:
  • In PSv2 target systems, in preview a undefined system identifier is shown in the result data for Retrieve permissions.
  • Import permission memberships is available on the user interface of the PSv1 connector which doesn't support the functionality to import data from a target system.
  • Unmatched accounts in the import entitlements screen are missing when exported.
  • Object.x field as correlation key not properly supported when importing entitlements for an PSv2 target system
Service Automation
Changed:
  • Recertify time limited products
  • Elastic audit messages for recertification requests
  • Recertification campaign calculation summary email
Fixed:
  • Users with Recertification recertify rights cannot load the request's products and categories in the Recertification requests overview
  • Self-service inbox completed tab does not load any results when having a large amout of completed requests for the HelloID tenant (> 70.000)
  • Sending emails using the new Product actions is not working (hotfix)
  • Recertification approval messages to Elastic have incorrect index (hotfix)
Provisioning
Changed:
  • Force account actions via enforcement. No longer will the force account update button start actions directly but it will mark the account as needs to be updated and will update on the next enforcement run. This contains all the advantages an enforcement run has like dependency an up to date inconditions on contracts.
  • Import entitlements for PSv2 target systems. This allows the admin to import entitlements from a PSv2 target system and prevents create actions. We recommend to import the entitlements before the first big enforcement (go live run). With this you can see in the evaluation which accounts are actually created on the first big enforcement run (go live run).
  • Deprecating PowerShell V1 Target System. With this it's no longer allowed to create new Powershell V1 Target systems. Please be carefull when deleting a Powershell V1 Target systems because after deleting such system you cannot create a new one.
  • Provisioning agent number of max Powershell session is set to 10 instead of the previous 5.
Fixed:
  • Corrupt aggregation state after system delete
  • Provisioning not working correctly when username contains diacritics
Service Automation
Changed:
  • End-of-life Scheduled Reports
  • End-of-life end-user dashboard notifications
  • Basic recertification request approval for custom campaigns (beta - requires featureflag)
  • Add links from Delegated Form activities to edit form or edit task
Fixed:
  • Upgrade font awesome from 4.7 to latest for end-user and admin
  • Form data from form row not visible if the field it depends has "hide element" as show summary value
  • Retrieving tenant license information has been improved for Delegated Forms
Load More