Expose API endpoints for Re-enforce, Update Account, and Unmanage actions on Provisioning entitlements per Person
Michiel Wicherink
Description:
HelloID Provisioning already supports the following targeted actions via the UI:
- Re-enforce a granted entitlement (Business > Persons > Entitlements)
- Update a single account / Update all accounts (Enforcement > Update accounts)
- Unmanage an entitlement (Business > Persons > Entitlements)
- Retry a failed entitlement action
None of these are accessible via the HelloID API. They can only be triggered manually through the UI.
The gap:
When a Service Automation workflow modifies Active Directory attributes (e.g. proxyAddresses, mail, userPrincipalName), those changes need to be propagated to downstream target systems via their Provisioning connectors. This cannot be automated because:
1. Enforcement only triggers on source system changes or business rule modifications — not on attribute changes made by Service Automation.
2. The UI actions above exist precisely for this purpose, but are UI-only.
3. Workarounds either introduce latency (waiting for the next scheduled enforcement) or bypass Provisioning entirely, losing the audit trail and governance.
Request:
Expose the existing UI actions as API endpoints:
POST /provisioning/persons/{PersonGuid}/entitlements/{EntitlementGuid}/re-enforce
POST /provisioning/persons/{PersonGuid}/accounts/{AccountGuid}/update
POST /provisioning/persons/{PersonGuid}/entitlements/{EntitlementGuid}/unmanage
POST /provisioning/entitlement-actions/{ActionGuid}/retry
No new behavior is needed — just programmatic access to what already exists in the UI, authenticated via API key and respecting existing thresholds and exclusions.
A full enforcement is not a suitable alternative: it affects all persons and all target systems, introduces unnecessary load, and may trigger unintended changes across the entire tenant.
Exposing these targeted actions via API would enable fully automated, end-to-end identity workflows while preserving the governance and audit trail that HelloID Provisioning provides.