We have completely redefined the way how approval for self-service products works. We are enabling administrators or consultants to specify, edit or delete fine-grained approval workflows. They have the power to determine:
- If requests should be automatically approved or denied after a certain period;
- If requesters can remind their approvers to take a look at the request;
- Select what scopes (read who the approvers are) should approve or deny;
- These scopes can also be enforced in different kind of ways:
- Anyone in the scopes should approve (need one approval)
- Every scope must approve
- Every scope must approve in sequential order (multi-step approval)
When configuring the workflows, we want to help the administrator. We will give a message when the workflow will cause an auto-approval. And when you are deleting a workflow, you will get the option to move all related products to another workflow.
Within the approval workflow, it is important to add scopes to answer "Who can perform the approval?" Therefore, we have created a new component, which we want to use on various screens in future versions of HelloID. With this selector, you can search for users, groups or even use runtime-based filters like the current manager of the logged on user. If the runtime filter or group filter is not enough, you can add a user attribute based filter. This way scope can be created for users, for example, with the title of Manager in the department Development. When a new manager arrives, the scope is automatically updated and enforced!
When the manager is on holiday, it would be nice if someone else could approve or deny a request made by an employee. Therefore, we are introducing a way to specify a delegated approver, which can be done by going to Approval preferences via the user profile in the top right corner. Specify who will take on the duty as a delegated approver for you and when his or her duty will expire.
We have replaced the incoming request page with a new inbox experience. The new user interface will look and feel like you are handling e-mails from colleagues. All relevant information is directly visible when you open a request. From there you can approve or the deny the request and go to the next one. It is also possible to select multiple and perform a bulk operation. There will be three tabs available:
- "Open" is for requests awaiting approval by the current logged on user dependent on their inclusion in the current approval scope.
- When you have approved a request, it will move to a tab we call "Pending." Requests in this state are approved by you but are awaiting approval of others.
- If a request is fully approved or denied, it will move the tab "Completed."
With the introduction of "multiple" approvers, we needed another way to display the action taken on a request. To do so, we created a timeline, which is available in every request detail screen and where applicable. The timeline will show a chronological order of actions, by whom the actions are performed and when via the comment they have left behind.
- From now on, it will be possible to undertake action directly from the notification in the notification center;
- It is now possible to add a comment when requesting, approving or denying a product. This is also possible when a user is requesting on behalf of another user.
- Renamed data owner to resource owner; To be more cohesive in every screen.
- Registration of requester will now correctly write who has requested the product and for whom;
- The badge on the notification center has been fixed and will show the number of open requests once again;
- Resolved a bug where QR codes could no longer be generated;
- Corrected issues with the health checks;
- The link to a task from when navigating from a person is now fixed;
- Due to a role configuration, the overview and edit credentials were loading forever. This is fixed;
- RADIUS-Services are available again;
- Fixed API endpoints where diacritic characters were not processed correctly;
- Saving passwords in the tenant management portal will no longer cause incorrect passwords;
- MetaData for SAML-applications will now generate the KeyDescriptor as the first element;
- iOS: Resolved issues with change password on login time limit;
- iOS: Resolved a problem where not all applications could be found due to missing settings;
- Agent status displayed: red or failed when a user doesn't have sufficient rights;
Updated the API
- Product: We have removed the need to specify default e-mail actions;
- Product: Removed the enable comments option for a product;
- Product: Added option to specify the workflow by workflow name;
- If none is given, the default will be appointed to the product;
Added systems and tasks
We have added Active Directory as a target system in this version. This means you can utilize the target mapper to provision persons via HR to Active Directory. To use the system and mapper you will need to configure tasks on 'person' events. We have created the following tasks:
- Create an AD user;
- Update AD user;
- Create or update AD user;
- Delete AD user;
We like to enable you and your organization to synchronize employee's from an HR system to HelloID, so we can help you with the automation of user provisioning. The first HR system we have added is AFAS Profit. We have added the following task:
- Synchronize people to HelloID
- Create ticket
What do you need to know
Migrated existing approval settings
With the introduction of the new approval workflow, we have migrated the old scenarios of approval settings to default workflow templates. We have defined three workflows which are used in the migration:
- Immediately auto-approve
- Approve by resource owner work
- Approve by resource owner and auto deny after thirty days
- We have removed the e-mail templates and actions for requests and approval e-mails, this can no longer be configured in the action editor of a product; This functionality will now be handled by HelloID; Which will send e-mails on request and approval. You still will have the possibility to add e-mail actions, but no longer our predefined templates;
- The product option to specify if a person can comment when approving is removed from the product. It is now optional to specify a comment when requesting, approving or denying a product. We may add an option (in the workflow) to set it to required in the future.
- Category auto-approve settings are removed and are redesigned in the approval workflows.
- The incoming request page has been replaced by the new inbox
- Handled by columns are removed. There is no longer "one" approver. You can view the handler of the request via the new timeline component. Which is available via the status label.
Functional altered behavior
- When enrolling a product when creating a new product, the workflow was determined by the category; From now on the default workflow will be selected when enrolling a product for the new application.