Provisioning

Currently there is an option to export business rules to CSV but no import option. Please allow import of business rules through CSV, this should also enable quickly editing large amounts of conditions (for example, only apply this rule to the following 100 employee ID's, this is really cumbersome currently)

We would like a way in which we can convert the current target system state (accounts & permissions) to HelloID entitlement state based on the business rules. This way we have an good overview of all the entitlements which are already assigned in the target system. Another big advantage is that when we do an evaluation after import that we see which accounts are created and which permission are granted instead of everything. This information should improve the go live experience. Also a advantage is that it requires less actions to be executed and reduces the time to go live. Suggestion: Get the following data from the PowerShell V2 target system Account Account Access Permission A new powershell script per account and per permission definition is required to collect the preferred import data from the target system. Convert the data into entitlements (network entitlement state) based on desired entitlements (configured in Business rules) Needs preview to check what the result of script is (preview times the same as in import) Show the difference and match between the network entitlement state and the desired entitlement state (minus enforcement state) based on the correlation configuration Import the (network entitlement state) as the entitlement state Cross check if account which has an account reference to a person does not correlate to another person Show record when only account access should be imported Show record when only memberships should be imported Update accounts on next enforcement after entitlement is imported Add origin imported entitlement to action on evaluation report (Elastic) audit logging: audit log for each managed/imported entitlement and log user action with summary. (add this also in person\system audit logging as managed logging) Add unmanage logging (bulk or manual) to person\system audit logging Import data based on configured grid filters Update all permissions when imported

I would like to have an option to prioritize one source system above another source system so that a person from the primary system ALWAYS becomes the primary person in case of (automatic) aggregation. This is especially the case when the secondary source system is only being used for source enrichment. Since person data in the source enrichment source systems is obviously not complete since it is not (really) an HR system (e.g. Student Information System like Somtoday or Magister), accounts cannot and must not be created from data from secondary systems. It must be prevented to do so at all times to prevent errors in HelloID and target systems.

I would like to see that the resource scripts also be limited based on the Concurrent action configuration. In my case I am dealing with a very limited target system and I have multiple resource scripts. As soon as these are executed simultaneously the script will definitely hit the limitation. If I can execute these tasks in sequence the chance of the target system hitting the limit is less.

Right now a user needs admin access to HelloID and gets full access to the Provisioning console. We would like to be able to grant someone only access to persons and/or business rules only.

The HelloID Subpermissions script always returns an audit log. When a custom audit log is not provided, the script returns the default audit logs. However, in an update permissions scenario, there may be cases where no changes are required and you do not want to write an audit log. In the Update User script, you can suppress the audit log by leaving the PreviousData and Data to be the same. We would like to apply the same logic to the Subpermissions script, so it can be executed without writing an audit log when not required.

We have multiple HR sources (seven in total) and all sources have their own thresholds. If a threshold of one of the sources is exceeded all of the source imports get blocked. This was an unexpected result for us and because of this unnecessary incidents occured concerning uncreated accounts. We believe that only the the actions from the source where the threshold has been exceeded should be blocked. The import of all the other sources should be processed as usual. We reported this as a bug but we were told that it works a designed. We think it's a design flaw and we hope this will be corrected in the near future.

A client indicates they don't want to receive any offboarding notifications regarding an employee who has passed away. For now, we can use custom events to prevent notifications from being sent based on a certain attribute, but an option to disable notifications with for example a switch in the person overview would be useful in this case.

Can we support conditional event for the pre-onboard and pre-offboard events This way we can send a pre-offboard mail for each company. In example: If someone leaves for company1, we send the pre-offboarding company1 mail, and if someone leaves company2, we send the pre-offboarding mail for company2.

The HelloID Subpermissions script always returns an audit log. When a custom audit log is not provided, the script returns the default audit logs. However, in an update permissions scenario, there may be cases where no changes are required and you do not want to write an audit log. In the Update User script, you can suppress the audit log by leaving the PreviousData and Data to be the same. We would like to apply the same logic to the Subpermissions script, so it can be executed without writing an audit log when not required.