Provisioning

By default, T4E makes an entire backup of our Helloid environment. The most effort en time is in creating and customizing scripts and fieldmappings to match to our company infrastructure environment. Last we had a problem with one of the scripts. T4E responded quickly and helpfully, but they could only restore the entire environment. We would like to have e.g. a button that allows us to download all scripts and settings into separate files, so that we can restore a part as needed.

Currently, the Exchange tab within the built-in AD connector in HelloID Provisioning automatically saves changes immediately after fields are modified. While convenient in some cases, this behavior can unintentionally overwrite existing credentials. In practice, this has caused multiple incidents where browser autofill tools such as LastPass automatically populated credential fields, resulting in the configured Exchange credentials being overwritten without the administrator noticing it immediately. We have also seen cases where customers reported that the connector stopped working, while the root cause turned out to be unintentionally changed credentials. Because changes are applied instantly, there is currently no safeguard or confirmation step before critical configuration values are stored. Proposal: - Replace Autosave with Explicit Save/Apply Action Introduce an Apply or Save button for the Exchange configuration tab so changes are only persisted after explicit user confirmation. - Optional Confirmation for Credential Changes Consider prompting users with a confirmation dialog when sensitive fields such as usernames or passwords are modified. - Prevent Browser Autofill Issues Evaluate whether credential fields can better prevent unintended autofill behavior from password managers and browsers. Benefits: - Reduced Risk of Accidental Misconfiguration Prevents credentials from being overwritten unintentionally by browser autofill tools or accidental edits. - Improved Stability and Reliability Reduces incidents where connectors unexpectedly stop functioning due to unnoticed credential changes. - Better Administrative Control Gives administrators explicit control over when configuration changes are committed. - Improved Troubleshooting Experience Makes configuration changes more deliberate and traceable, reducing confusion during support and implementation activities.

Now that the new tab Entitlements is live under Business Rules it would be really helpful if you could filter on the warnings and errors. We have a lot of entitlements that do not show without filters, this makes it pretty difficult to find all the warnings and errors. The export function does not include this flag either.

There are audit logs when someone changes source or target systems, but when someone changes a notification system there is no logging. now we have "User action - Source systems changes report" and "User action - Target systems changes report', but we also need a "User action - Notification systems changes report". I think this logging is just as important as for the source and target systems, it helps troubleshooting and gives insights to changes.

Currently the report is sorted on person, it would be nice to add more sorts to the columns so i can choose how to sort the report. For example on permission, so i can scrol past certain permissions groups and focus on those for the set of persons without needing to filter, same for issue.

The permissions import script and import permission membership scripts, in their current form, share a lot of similar logic. For the import permissions script i need to retrieve all possible permissions which could be assigned, so i can use them in business rules. The permission membership import also needs all the imported permissions. This essentially means i have to import these same permissions 2 times, which for a snapshot will be back-to-back. For some permissions this can take a long time, especially with bigger environments or more complex retrievals (like Microsoft Teams with channels). The snapshot also cancels permission membership imports after a failure in one of the permission import script, which means the imported permissions are always available. Having the imported permissions available in the $ActionContext of the membership import script would; reduce potential mismatches in the imported permissions and imported memberships, enable faster imports, reduce complexity in the import membership script.

I would be nice to be able to enrich an existing source system with information providing from an other system. Example : I would like to get the user's phone number from a telephone system. Today it is possible but we need to do this logical directly into the Source System PowerShell script (so it is not possible using out of the box source connector like AD). It would be nice to have a specific functionality for that.

In HelloID Provisioning, I would like the ability to export validation issues from Target → Snapshots. This would allow me to retrieve a clear overview of all validation errors for a specific import and use that information to resolve issues directly in the target application. Currently, these validation issues are only visible within the interface, which makes it difficult to efficiently analyze and follow up on them outside of HelloID. An export option to CSV would significantly improve troubleshooting and overall data quality management.

Now for a specific connector, the supplier (Loket) changes the lifetime of the refresh token, and a refresh token can only be used three times. Therefore, it is necessary to update the refresh token each time an access token is requested. This means that we must have a place to store and update the refresh token to maintain continuous authorization. We could use a local disk or a remotely accessible disk, but we prefer a built-in solution in HelloID to store the refresh token. It must be possible to manually set the initial refresh token, and after each run, the refresh token should be updated.

When doing maintenance tasks in HelloID Provisioning (like migrating/upgrading source- or targetsystems) it would be useful to set a maintenance mode (e.g. textbanner or lock) so that only the person who is doing maintenance can start new imports/snapshots/evaluations/enforcements. This prevents that other portal users make changes in the provisioning module that could disrupt the provisioning process.