I would like to be able to have revoke as a manual entitlement option. In case a new user has been created in x target systems. While the user should have been correlated. I want to be able to revoke the new user from the target systems and after the correlation with the old and correct AD account, retry all the grants.

Instead of opening and adding an entitlement to 10, 20 or more BR's, we would like to be able to select multiple businessrules to add the selected entitlement to.

It would be nice to have some sort of global business rule with conditions. Right now, when we gradually bring an environment live, we add a few users in scope, then several departments, etc. To be able to do this correctly we add the users and departments as conditions to each businessrule, to be sure that nothing has been overlooked. But, this is time consuming. With a global business rule that is complementary to existing rules, this could be managed in a centralized manner. Just an idea, any thoughts on this?

As a HelloID administrator, I would like to send notifications on multiple pre-offboarding events. For example, I would like to send a notification 14 days before the employment ends, and also seven days before the employment ends.

Currently HelloID only sets the "c" attribute for the country. I would also like to have the co and countrycode fields set to the correct values in Active Directory - So when a country is set that it also looks up the values for the other two fields.

In some cases when updating targetsystems from our github repositories to comply to the newer version exportdata contents can be changed. This might result in duplicate fields in the export object with different casing or objects that are not updated anymore and not needed in other systems either. Currently the only option to clear the exportobject is to re-grant. It would be helpfull if an option can be added when executing a force account update to also force an update of the exportdata. Ofcourse the exportdata always has to be configured properly in the scripting then.

I would like to have an Advanced Business Rule that allows me to call upon a table of entitlements (for instance per department code have a table which specifies the AD groups for that department code). This will make possible quick and easy entry of a current authorization matrix, and ability to do mass updates where needed. By staying within the 1 BR this will allow easier maintenance and reduce time clicking in the GUI. To be used for simple but somewhat larger rule sets.

Currently, using HelloID Provisioning, HelloID has no way of knowing the mail address if you changed the mail address outside of HelloID. This causes issues, as the mail address isn't provisioned to other target systems. I would like to suggest to create a source system for AzureAD, and then correlate the users. This way, the emailaddress can be imported from Azure AD, making a change on the person, causing an update on all target systems.

I would be nice to be able to enrich an existing source system with information providing from an other system. Example : I would like to get the user's phone number from a telephone system. Today it is possible but we need to do this logical directly into the Source System PowerShell script (so it is not possible using out of the box source connector like AD). It would be nice to have a specific functionality for that.

we would like to have a version history of all parts of HelloID provisioning that is restorable, like we had in IAM.