Resolution
To resolve issues in your report, you can choose between two approaches: resolving multiple issues at once or addressing them individually. The differences between these two methods are explained below
Resolve multiple issues
To resolve multiple issues in the report click on the Resolve multiple issues button to continue.
This will slide in a windows on the right side of the screen.
In the right-side panel, select the appropriate action you want to take to resolve multiple issues.
Once selected, the issues in the left-side panel will be filtered to show only those that can be resolved with the chosen action. Depending on the action some options will appear. To see the options per action please check here.
It's possible to filter these issues and therefore change the number of actions taken (see the number of actions taken at the bottom of the panel). For filtering you can all the filter options defined here.
After careful consideration, click the 'Confirm' button to begin executing the actions.
Go to the Bulk actions tab to see the progress & logging of the bulk actions executed.
Only bulk actions started in the last generated report are visible in this tab. (Bulk actions taken in the previous report are not shown).
Note
The only exception is when a new report is created during the execution of bulk actions. In this case, the new report will stop the currently running bulk actions, and any progress made will be displayed once the new report is created
Resolve single issue
To show the resolution options: click on the Show issue resolution button.
This will slide in a window on the right side of the screen with the following tabs
Actions
This outlines all potential actions to resolve the issue, categorized by icons for clarity. Actions represented by a blue icon denote internal HelloID processes, while those with a red icon indicate procedures executed directly on the target system (please exercise caution with these actions)
Action | Description | Shown on the issue |
|---|---|---|
Resolve issue | Mark the selected issue as resolved and hide it from the report. It will reappear in new reconciliation reports if no other action is taken. | |
The account will not be shown in new reconciliation reports. Accounts that are excluded can be managed in the 'Exclusions' tab. | ||
Re-create account | Re-create the account in the next enforcement run if the person is still entitled to the account entitlement. (This can be done automatically based on setting in the configuration per system) | |
Re-enable account | Re-enable the account in the next enforcement run if the person is still entitled to the account access entitlement. (This can be done automatically based on setting in the configuration per system) | |
Disable account | Disable the account in the target system. This does not resolve the issue as the account will remain unmanaged. | |
Delete the account in the target system. | ||
Add permission | Re-grant the permission in the next enforcement run if the person is still entitled to the permission on that account. (this can be done automatically based on setting in the configuration per system) | |
Revoke permission | Revoke the permission for the specified account in the target system |
Before proceeding with any actions, we ensure that the proposed action remains relevant and that the issue persists. This precaution is necessary because the report may have been generated some time ago, and circumstances could have since evolved.
Rules
This will show all the related rules
If there is an account but no associated person, the rules window displays the business rules that contain the account or account access entitlement for that target system.
If a person is associated with an account, the rules window displays the business rules that contain the account or account access entitlements for that target system and the person is in scope.
Logging
This will show the process logging of the actions taken. Too see the process logging of already completed action you have the adjust the filtering to see resolved items
Account Details
This will show the mapped attributes as configured in the target system with values from the last import and helps you determine which action to take.
Delete account
Due to the irreversible nature of deleting an account within the target system, we've implemented an additional security measure. Before proceeding with the deletion, users are required to manually input the username of the account as a confirmation step.
Danger
Deleting an account is a permanent action, and thus, caution should be exercised before proceeding
Exclude account
In certain scenarios, immediate deletion of an account may not be desirable. Instead, maintaining the account open for a designated period before reevaluation for deletion is preferred. To address this need, we've incorporated an exclude account action. This option allows for the temporary exclusion of specific accounts for a defined period, after which they are reintroduced in the reconciliation report to reassess their necessity.
Note
Disable account option is only available when the account is enabled (active) in the target system
Note
When the report includes unmanaged permissions, you have the option to exclude them with the same time period as the account exclusion. Each permission will appear as a separate entry in the exclusion list, allowing you to remove individual permissions if needed.
Already excluded accounts can be reviewed on the exclusion overview