Provisioning

We would like to receive notifications whenever a single blocked person is detected. While we understand that we could set the threshold to 1 to consistently block imports upon encountering a single blocked individual, this approach might not align with our objectives. Ideally, we'd prefer the import process to continue successfully while still receiving notifications about the presence of blocked individuals. To address this, one potential solution is to create an incident whenever a single blocked person exists.

We have several locations and based on the location of an employee we need to entitle the employee with a certain group. Now that costs us a business rule per location, so it would be nice if there would be an option to say: If location A then group A else if location B then group B else if location C then group C.... We expect more locations in the future, so in the current situation that would cost us a lot of business rules.

We'd like a notification on an aggregation suggestion, when persons are suggested to merge they are blocked for processing. So it's very important information to have. Right now you'd have to sign in every day to check if there are suggestions.

It would be very nice to have the option to put a specific threshold on the change of a job title for an employee. We have some rules that are based on job title. When a person gets a job title, that is completely new, the rule will not apply to that person anymore. In our case this results in a person no longer having an office license. So it would be very useful if we could put a threshold on the change of job title. The same applies for the change of departments. It would be very nice to be able to put a specific threshold on the change of department for persons.

When an account is enabled, we have configured that an e-mail with login details is send to manager/trainer. Sometimes the account already has been created in the AD and no e-mail is send. It would be nice if somehow it would be possible to get a notification that no mail is send with login details, so we know that we need to take extra steps to get the login details for the new employee.

As a HelloID admin, I want HelloID to recognize when a membership in Active Directory is already granted, so that redundant grant actions can be skipped during evaluation and give me a better evaluation forecast. Process Overview: Data Retrieval from Active Directory: Obtain data from the Active Directory target system, including permissions and memberships. Conversion to Granted Entitlements: Transform Active Directory permission data into granted entitlements for evaluation. Detailed Permissions Display: Display all permissions to be imported for each account, offering comprehensive insight. Import of Converted Data: Import the converted Active Directory account data as granted entitlements into the system. Evaluation Comparison: Contrast HelloID's desired state based on Business Rules (BR) with the current state in Active Directory. Benefits: Streamlined Evaluation: By importing existing Active Directory memberships and permissions, HelloID optimizes the evaluation process, enabling the system to skip redundant grant actions when memberships are already present. Clarity in Changes: This approach provides a clearer overview of actual changes in Active Directory during evaluation, facilitating better decision-making and management.

We believe HelloID should have build in support for SCIM (System for Cross-domain Identity Management) targets, SCIM is an open standard for user provisioning which is used by many applications. The currect V2 mapping scheme currently not developed enough to be user friendly in the configuration for a generic SCIM target. Mainly because we cant use : characters in the fieldnames and the fact we cant create object arrays (Which you can do in the Entra ID Mapping).

Wij kunnen niet rechtstreeks zelf in HelloID. De provisioning wordt 3x per dag uitgevoerd. Soms moet een medewerker diezelfde dag nog beginnen en is het wenselijk dat we zelf handmatig de provisioning kunnen starten. Is er een mogelijkheid dat wij de synchronisatie van HelloID Provisioning zelf handmatig op kunnen starten. Zeker in de weekenden als er geen ondersteuning is van onze ICT partij zou dat zeer wenselijk zijn.

Please provide support to also change the link to the GitHub repository in the source system. This is only needed whenever performing a source system migration. If the externalID of the persons are the same in the new source system, we now replace the PowerShell code and mapping, etc. to the new system. The builtin link to the readme of the GitHub repo is however unreplacable.

We would like to have the option to double click on a person in persons or Entitlements grant/action/history or everywhere where we cannot select text. So that it will copy the externalid.