New target systems are disabled by default and all thresholds are active (grant & revoke)
complete
R
Rick van den Dijssel
complete
G
Grady Koopman
Merged in a post:
Enhanced threshold defaults and script-dependent behavior for Target Systems
Remco Houthuijzen
As a HelloID administrator, I aim to enhance the threshold configuration for target systems. When adding a new target system, all thresholds should be enabled by default with a value of “1”. This precaution helps prevent unintended mutations, which is crucial in a live environment with multiple administrators.
Additionally, HelloID now blocks entitlements when no script is configured. We propose that the threshold setting be greyed out and ignored if no script is present. When a script is added, the last configured value should be used, defaulting to “1”. This feature will add an extra layer of security, minimizing the risk of errors when configuring new or existing target systems.
G
Grady Koopman
in progress
R
Rick van den Dijssel
Hey Remco Houthuijzen, thanks for your feedback! I have a few more questions for you:
- Can you provide any specific scenarios where the current threshold configuration has caused issues in your operations?
- Could you elaborate on the potential risks you foresee if the threshold setting is not greyed out when no script is present?
- How frequently do you add new target systems and how many administrators are typically involved in this process?
Remco Houthuijzen
Hey Rick van den Dijssel, thank you for your fast response.
- Can you provide any specific scenarios where the current threshold configuration has caused issues in your operations?
While we haven’t encountered any major issues to date, there have been instances where thresholds were unexpectedly triggered without any associated actions or scripts. This has led to some confusion and questions from our customers.
- Could you elaborate on the potential risks you foresee if the threshold setting is not greyed out when no script is present?
An administrator who did not configure the scripts might be confused, as thresholds could be triggered without any associated actions or scripts. While we can turn the threshold off, this introduces risks when adding a script, as we might forget to re-enable the threshold. Therefore, we believe that having a mandatory threshold is essential to avoid these issues.
The riskiest situation occurs in a live environment where a change process is ongoing. In such cases, an uninvolved administrator or a schedule might enforce actions that should be blocked by a threshold, especially if the change is not yet complete.
- How frequently do you add new target systems and how many administrators are typically involved in this process?
The frequency of adding new target systems is low. However, this infrequency increases the risk of forgetting to configure thresholds. Typically, two administrators are involved in this process: one from the customer and one consultant. This number or composition can vary depending on the customer.