Recertification - report improperly assigned products - invalid group memberships
in progress
Michiel van der Veeken
Note: this feature is part of the milestone "Recertification" and requires the HelloID Governance module license.
As a security officer, I am submitting a feature request to strengthen our system's reporting capabilities concerning self-service products with invalid group memberships. Currently, there is a growing concern about instances where self-service products were correctly assigned during the initial request but are now associated with users who are no longer members of the required group(s).
To effectively address this potential security risk, I propose the implementation of a reporting mechanism capable of identifying cases where users lack the necessary group memberships for their assigned self-service products.
Implementing this feature will empower our team to proactively identify and rectify instances where users no longer meet the group membership requirements for their assigned self-service products. This enhancement will strengthen the security of our system, aligning access permissions with current group memberships.
Michiel van der Veeken
in progress
Michiel van der Veeken
Merged in a post:
Return product once a user cannot request it
Mark Spreeuwenberg
I would like to add the option to automatically return a product in case a user is no longer allowed to request the product. E.g. when a user requests an account for an application (which can be requested for specific departments only), I would like the product to be returned when the user is no longer working in this department. Checking whether the user works in a department is done via department groups in the AD.
Michiel van der Veeken
planned
Planned for 2024.05 release
Michiel van der Veeken
milestone
Toine Kortland
After switching from IAM to HelloID this month I was surprised this feature has been lost.
Previously in IAM users would lose a requested privilege/product automatically if this was unavailable for their new position.
Without this feature we would have to have all ROs check all their products daily/weekly/monthly(?) manually? Since there is no feature to supply them with a report/checklist of who is using what.
This missing feature is therefore going to cost us a lot of time and money.
Yoshi Olthof
This is a must-have for Apeldoorn. There are applications which use a DigiD connection. For Logius we have to prove that application rights must be returned on the day of the mutation. Especially with internal movements it's a challenge with the current options.
Ron Kuper
Add an option per product that makes this optional to use (similar to the 'Return on user disable') to not impact current live situations. This also allows the customer to choose the desired functionality.