Provisioning

Currently, Toxic Policies prevent conflicting entitlements from being assigned simultaneously. However, when replacing one entitlement with another, HelloID requires multiple schedules to be configured and executed sequentially. Example: When replacing an F3 license with an E3 license, the F3 entitlement must first be removed and fully processed before the E3 entitlement can be granted. In practice, this means administrators often need to dedicate separate nightly schedules to handle these transitions safely. This becomes problematic for organizations that already use all available schedules for provisioning processes and cannot easily “free up” an additional schedule for nighttime processing. Requested Improvement Introduce dependency handling for entitlements defined within Toxic Policies. This would allow administrators to configure entitlement sequencing directly in HelloID, for example: Remove conflicting entitlement first Wait for successful processing/confirmation Automatically continue with assigning the new entitlement

When cloning a Business Rule, the Description field is not copied. Currently, we have to manually copy the Description field and paste it into the new rule. This is error-prone. Should this be considered as a bug or a feature request?

As an administrator i want to know in a multi-tenant environment with version of a create, update or delete script i am running. There is no version/release number in de powershell scripts. Now i always have todo a compaire or do it myself. or build a import form github when creating a target connector and tattoo the connector.

When creating a snapshot of a target system, the behavior differs depending on where the import fails: If the Account Entitlement import fails, an error is shown and the snapshot can be retried immediately. If the Permission Entitlement import fails, the snapshot cannot be retried immediately. Instead, a cooldown period of approximately one hour must pass before another attempt can be made. Why this is a problem During development, testing, and implementation projects, it is common for entitlement imports to fail due to configuration changes, mapping adjustments, or source system data issues. When a failure occurs during the Permission Entitlement import, the one-hour waiting period significantly slows down troubleshooting and validation efforts. After making a fix, administrators cannot immediately verify whether the issue has been resolved and must wait before the next test can be performed. As multiple test iterations are often required before a configuration is fully working, this results in unnecessary delays and reduced efficiency during both development and customer implementations. Suggested Improvement Allow administrators to manually retry a snapshot immediately after a Permission Entitlement import failure, similar to the current behavior for Account Entitlement import failures. This would: Reduce development and implementation time. Speed up troubleshooting and validation. Improve the overall experience when configuring and testing target systems. Remove unnecessary waiting time when resolving import-related issues. In short: if a snapshot fails during the Permission Entitlement import, administrators should be able to retry the snapshot immediately instead of waiting for the one-hour cooldown period.

It would be useful if we could use -SkipHeaderValidation in combination with Invoke-RestMethod in the cloud. When a reserved header (in my example "Date") needs to be passed to retrieve data from an API, PowerShell converts this into an actual date instead of an actual string.

Currently, the Exchange tab within the built-in AD connector in HelloID Provisioning automatically saves changes immediately after fields are modified. While convenient in some cases, this behavior can unintentionally overwrite existing credentials. In practice, this has caused multiple incidents where browser autofill tools such as LastPass automatically populated credential fields, resulting in the configured Exchange credentials being overwritten without the administrator noticing it immediately. We have also seen cases where customers reported that the connector stopped working, while the root cause turned out to be unintentionally changed credentials. Because changes are applied instantly, there is currently no safeguard or confirmation step before critical configuration values are stored. Proposal: - Replace Autosave with Explicit Save/Apply Action Introduce an Apply or Save button for the Exchange configuration tab so changes are only persisted after explicit user confirmation. - Optional Confirmation for Credential Changes Consider prompting users with a confirmation dialog when sensitive fields such as usernames or passwords are modified. - Prevent Browser Autofill Issues Evaluate whether credential fields can better prevent unintended autofill behavior from password managers and browsers. Benefits: - Reduced Risk of Accidental Misconfiguration Prevents credentials from being overwritten unintentionally by browser autofill tools or accidental edits. - Improved Stability and Reliability Reduces incidents where connectors unexpectedly stop functioning due to unnoticed credential changes. - Better Administrative Control Gives administrators explicit control over when configuration changes are committed. - Improved Troubleshooting Experience Makes configuration changes more deliberate and traceable, reducing confusion during support and implementation activities.

By default, T4E makes an entire backup of our Helloid environment. The most effort en time is in creating and customizing scripts and fieldmappings to match to our company infrastructure environment. Last we had a problem with one of the scripts. T4E responded quickly and helpfully, but they could only restore the entire environment. We would like to have e.g. a button that allows us to download all scripts and settings into separate files, so that we can restore a part as needed.

As a administrator i would like to toggle between "NON-authoritative" and "authoritative" management of entra or adds groups. This to prevent manual add or removing from users of a group. This makes sure the memberships are authoritative managed by HelloID, where non-authoritative is the default.

In a situation were a group has been deleted and then recreated it's impossible to determine which is the old and new group. Showing the ID on mouseover would make it easier to check which is which.

By changing the rule, I would like to know which persons do/ don't belong to the new scope