Provisioning

It would be very nice if we could schedule every single target system at a different time. We have a hybrid Azure AD tenant (local AD and a sync to Azure AD) and our users are provisioned to the local AD and then synced to Azure AD. But our Custom Azure AD connector generates an error if a user is created local and still not synced to Azure AD. That users is not available in Azure AD until the synchronization tool has done it's job.

Currently there is little information about aggregation suggestions available in Elastic - the general-incidents index shows in the 'identifier' field a record with 'PersonAggregationSuggestionAvailable' when there are ubsolved aggregation suggestions present. And the user actions on Aggregations are available in the provisioning-audit index. It would be nice to see more details on the persons (and number of persons) that it applies to including their CorrelationID. This type of info is available within the HelloID Provisioning environment, so hopefully it is possible to log it to elastic also? Perhaps this information should be present in the provisioning-audit index (with a relation to the correlationID of the applicable snapshot)

As an Administrator or end user I would like to have the option to use the OR statement to check on different attributes in a business rule. Currently only the AND statement is supported. Without this functionality I need to make a LOT of specific rules to facilitate the desired result.

I would like to be able to export the downloadable vault.json periodically to a share or access that data via API.

When adding a new custom field for a source system, the entire population will be regarded as updated, which is something that is not always wanted and may cause way too much unnecessary enforcement activity. I would like to suppress or disregard update events.

Provide an API to mass import business rules. Clients will usually have a mapping for department or job title to specific entitlements. Entering these manually can be a lot of work. Using an API to import (or even from CSV) will allow customers to quickly get started

some diacritics are not replaced by deleteDiacriticalMarks() function Is it possible to add those to the function? At this point I had issues with the characters: ĉĕČ I ran the function for many diacritics and the following list were also not replaced: ÆÝÞæþĀāĂ㥹ĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJĴĵĶķĸĹĺĻļ ĽľĿŀŁłŃńŅņŇňʼnŊŋŒœŔŕŖŗŘřŚśŜŝŢţŤťŦŧŨũŪūŬŭŮůŲųŴŵŶŷŹźŻżſ

By changing the rule, I would like to know which persons do/ don't belong to the new scope

When editing a target system, the changes are immediately in production. It would be nice if the auto safe sets the changes made in a draft state so we can prepare changes in a target system and publish it when everything is tested and ready to be production. Just like the business rules. why i want this: Sometimes we need to troubleshoot a target system, and this may require some changes in the scripts, now we must be very careful to not safe some tests. this can result in excessive logging by mistake of even wrong results to a target system. other times I need to prepare changes that have to be reviewed before going to production, a draft in HelloID would be the perfect place to have this. This also applies for the source systems

When obsolete AD-group(s) have been removed HelloID still keeps trying to add users to the removed group. At the moment I have to check all business rules for the removed group and then remove it by hand. I would like to see that when a group is removed from the AD it automatically will be removed from all business rules.