Provisioning

When I am performing an action via the reconciliation report, I would like to be able to add a comment or reference. This is to 'link' the action or bulk actions to (for instance) a TOPdesk ticket or meeting notes where the actions are approved or requested. This is for audit trail purposes and should also show in the elastic reports so this can be exported.

Currently, we can only see if a threshold is reached yes/no and what causes it; create/update/delete. It would be a real help if we could also see who actually causes the create/update/delete. That way we can first validate the data before we approve it. Now we always have to approve first and can only then see the actual changes. Especially when adjusting some settings in the source import it would be amazing to know this before approving the import. Because once we approve, the updates are already "triggered" and will be executed no matter the further changes to our source system. This causes (a lot of) unwanted actions, that could have otherwise been prevented.

Currently there is an option to export business rules to CSV but no import option. Please allow import of business rules through CSV, this should also enable quickly editing large amounts of conditions (for example, only apply this rule to the following 100 employee ID's, this is really cumbersome currently)

It would be beneficial if the an attribute could have conditions on whether an update should occur. For example, if in a Active Directory target system with update attribute for mail, samaccountname, and upn is enabled. An account update is triggered, but the first/last names have not changed. The username generation should not process. One of the issues right now is the following: John Doe is the person with a username of jodoe because jdoe was taken at the time the account was created. After a period of time jdoe ends up being created and John Doe goes through an Account update. Their username would then be changed to jdoe now because that is the first iteration available. If we only updating when first/last changes then this would not occur.

It would be nice to see the number of people in a draft business rule. I would suggest to create two colums one the rules overview page, one with the number in the published rule, and one with the number for the draft rule.

I really would like to see what actions specifically are being blocked before allowing them. I mean, they are blocked because so you can check if you really want all those many updates. Therefor it would be nice to be able to see what you let through.

I'm encountering an issue at a client where I can't add all groups as entitlements to a business rule (built-in AD). The group in question has a name that consists of two characters. When I search for it, I get more than 500 results, but the group is not among the first 500. It seems that the list of entitlements doesn't expand beyond the first 500 results. In other words, I can't select the group to add it to the business rule. I've also tried searching by OU and using quotes around the search term, but unfortunately, neither option solves the problem. Could we add an option to extend the limit of 500 entitlements or add an option to filter on exact matches (maybe by default and add wildcard filters)?

I would like to have the option to suppress notifications when force updating all users for a system.

We'd like to have an API to read the configuration of source and target systems with the intent to run our own backups, currently this information is not backuped. With an api we can scrape this data and save it to our own datastore so we can back this data up for ourselves.

When a configured toxic policy rule decides to deny an entitlement in favor of another entitlement, I would like to see that decision mentioned in the persons audit log. Otherwise it would be hard to see why a person should get an entitlement according to a business rule but does not get it.