Provisioning

When editing a target system, the changes are immediately in production. It would be nice if the auto safe sets the changes made in a draft state so we can prepare changes in a target system and publish it when everything is tested and ready to be production. Just like the business rules. why i want this: Sometimes we need to troubleshoot a target system, and this may require some changes in the scripts, now we must be very careful to not safe some tests. this can result in excessive logging by mistake of even wrong results to a target system. other times I need to prepare changes that have to be reviewed before going to production, a draft in HelloID would be the perfect place to have this. This also applies for the source systems

Currently there are 3 schedule moments. We prefer to see 10 schedule moments. It will also help to add exact times when a sync should take place.

When the AFAS application manager changes a title from a code, the business rule keeps working (because of the code) but the changed title doesn't get through. Can this be changed.

Although the import-module method is not allowed in Powershell Core it would be nice to be able to import the EXO module in Powershell Cloud for tenants that do not use an On-Premise HID Agent.

Excluded persons are present in the reconciliation report in HelloID Provisioning. This should by default not be the case. There are however use cases in which this could happen. Following use case is applicable: person is in scope, entitlements are granted by HelloID (Account, permission). the person is manually excluded in HelloID the Active Directory account is deleted manually, not by HelloID! in the person, the in the past granted entitlements are still shown I'm aware that the best practise is to also unmanage the entitlements in case you exclude a person. Sadly not everyone is following the best practise.... That is why an option to filter on excluded persons would be nice in the reconciliation report. That way you could actually mark those excluded persons in the reconciliation, to be resolved for 3 months for example.

On the source and target systems I noticed some text is being stripped from the description fields. For example i cannot paste an url because the http or https part will be stripped from it. Even if this character sequence is part of a bigger string it is filtered out. It will also delete everything between <> characters, even if there is a full sentence between them. I guess if I search a little more that I will find more examples, but these I've experienced first hand. There should be no reason for this behavior, so please let me use the characters I want in the description field. If malicious userinput is your concern, than you could just store the description HtmlEncoded. This way we can have what we want and the app is as secure as ever.

We would like to receive notifications whenever a single blocked person is detected. While we understand that we could set the threshold to 1 to consistently block imports upon encountering a single blocked individual, this approach might not align with our objectives. Ideally, we'd prefer the import process to continue successfully while still receiving notifications about the presence of blocked individuals. To address this, one potential solution is to create an incident whenever a single blocked person exists.

We would like the ability to configure a new condition attribute and add it to selected business rules.

Right now a user needs admin access to HelloID and gets full access to the Provisioning console. We would like to be able to grant someone only access to persons and/or business rules only.

Wat voor ons een "nice to have" zou zijn is de volgende functionaliteit: Iemand gaat per vandaag met een vaststellingsovereenkomst op 31-12-2024 uitdienst. Deze persoon is vanaf a.s. maandag vrij gesteld van werk en hoeft per die datum niet meer te werken. De laatste werkdag is dus 11-10-2024. Na deze dag willen we beperkte of geen toegang meer verschaffen tot onze systemen. Het zou mooi zijn als HelloID Provisioning op een "laatste werkdag" kan acteren waarbij je kunt aangeven voor welke Targets dit dan zou moeten gelden, zodat die accounts worden afgenomen.