We would like a way in which we can convert the current target system state (accounts & permissions) to HelloID entitlement state based on the business rules. This way we have a good overview of all the entitlements which are already assigned in the target system. Another big advantage is that when we do an evaluation after import, we see which accounts are created and which permissions are granted instead of everything. This information should improve the go-live experience. Another advantage is that it requires fewer actions to be executed and reduces the time to go live.
Suggestion:
Get the following data from the PowerShell V2 target system
  • Account
  • Account Access
  • Permission
A new PowerShell script per account and per permission definition is required to collect the preferred import data from the target system.
Convert the data into entitlements (network entitlement state) based on desired entitlements (configured in Business rules)
Needs a preview to check what the result of the script is (preview times the same as in import)
Show the difference and match between the network entitlement state and the desired entitlement state (minus enforcement state) based on the correlation configuration
Import the (network entitlement state) as the entitlement state
Cross-check that an account which has an account reference to a person does not correlate to another person
Show record when only account access should be imported
Show record when only memberships should be imported
Update accounts on next enforcement after entitlement is imported
Add origin imported entitlement to action on evaluation report
(Elastic) audit logging: audit log for each managed/imported entitlement and log user action with summary. (add this also in person\system audit logging as managed logging)
Add unmanage logging (bulk or manual) to person\system audit logging
Import data based on configured grid filters
Update all permissions when imported
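
The comparison and cross-check steps suggested above, sketched as an added example that is not part of the original post and not HelloID code. All field names, the `employee_id` correlation key, the report categories and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; every field name here is an assumption.
PERSONS = {"P1": {"employee_id": "1001"}, "P2": {"employee_id": "1002"},
           "P3": {"employee_id": "1003"}}
# Desired entitlement state from business rules: person -> permissions.
DESIRED = {"P1": {"grp-sales", "grp-vpn"}, "P2": {"grp-hr"}, "P3": {"grp-it"}}
# Network state as the import scripts would return it from the target system.
ACCOUNTS = [
    {"account_ref": "a-jdoe", "employee_id": "1001", "stored_person": None},
    {"account_ref": "a-msmith", "employee_id": "1002", "stored_person": "P3"},
    {"account_ref": "a-svc", "employee_id": "", "stored_person": None},
]
MEMBERSHIPS = [("a-jdoe", "grp-sales"), ("a-jdoe", "grp-legacy"),
               ("a-msmith", "grp-hr")]


def reconcile(persons, desired, accounts, memberships):
    by_key = {p["employee_id"]: pid for pid, p in persons.items()}
    network = defaultdict(set)  # person -> permissions found in the target
    owner, conflicts, uncorrelated = {}, [], []
    for acc in accounts:
        pid = by_key.get(acc["employee_id"])
        if pid is None:
            uncorrelated.append(acc["account_ref"])
        elif acc["stored_person"] not in (None, pid):
            # Existing account reference points at a different person than
            # the correlation result: report it and keep it out of the import.
            conflicts.append((acc["account_ref"], acc["stored_person"], pid))
        else:
            owner[acc["account_ref"]] = pid
            network[pid]  # register the account even if it has no memberships
    for account_ref, perm in memberships:
        if account_ref in owner:
            network[owner[account_ref]].add(perm)
    report = {}
    for pid in persons:
        want, have = desired.get(pid, set()), network.get(pid, set())
        report[pid] = {
            "account": "import" if pid in network else "create on enforcement",
            "import": sorted(want & have),               # match: becomes managed
            "grant on enforcement": sorted(want - have),  # desired, not in target
            "left unmanaged": sorted(have - want),        # in target, not desired
        }
    return report, conflicts, uncorrelated
```

Only the intersection of network state and desired state becomes a managed entitlement, so anything an import script returns beyond what the business rules call for stays visible as unmanaged rather than being silently adopted.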