284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
1234 lines
29 KiB
JSON
1234 lines
29 KiB
JSON
[
|
|
{
|
|
"id": "T001",
|
|
"description": "CE delegator routes for Entra endpoints return EE-only error payload when enterprise edition is disabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F001",
|
|
"F002"
|
|
]
|
|
},
|
|
{
|
|
"id": "T002",
|
|
"description": "EE delegator forwards Entra route methods to EE handlers when enterprise edition is enabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F001",
|
|
"F002"
|
|
]
|
|
},
|
|
{
|
|
"id": "T003",
|
|
"description": "`entraActions` exports compile and are available from integrations actions barrel.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F003"
|
|
]
|
|
},
|
|
{
|
|
"id": "T004",
|
|
"description": "Integrations settings page renders Entra entry card in EE mode.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F004",
|
|
"F005"
|
|
]
|
|
},
|
|
{
|
|
"id": "T005",
|
|
"description": "`EntraIntegrationSettings` dynamic import loads successfully and renders base shell.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F005"
|
|
]
|
|
},
|
|
{
|
|
"id": "T006",
|
|
"description": "`entra-integration-ui` disabled hides Entra settings surface.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F006",
|
|
"F007"
|
|
]
|
|
},
|
|
{
|
|
"id": "T007",
|
|
"description": "`entra-integration-ui` enabled shows Entra settings surface.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F006",
|
|
"F007"
|
|
]
|
|
},
|
|
{
|
|
"id": "T008",
|
|
"description": "Client details Entra sync action is hidden when `entra-integration-client-sync-action` is disabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F008",
|
|
"F009"
|
|
]
|
|
},
|
|
{
|
|
"id": "T009",
|
|
"description": "CIPP connection option is hidden when `entra-integration-cipp` is disabled.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Phase 1 enforces a stronger invariant: CIPP option is hidden unconditionally. See T009b.",
|
|
"featureIds": [
|
|
"F011"
|
|
]
|
|
},
|
|
{
|
|
"id": "T009b",
|
|
"description": "CIPP connection option is hidden regardless of the `entra-integration-cipp` flag value (Phase 1 Direct-only invariant).",
|
|
"implemented": false,
|
|
"featureIds": [
|
|
"F011"
|
|
]
|
|
},
|
|
{
|
|
"id": "T010",
|
|
"description": "Field-sync and reconciliation queue UI sections are hidden when their flags are disabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F012"
|
|
]
|
|
},
|
|
{
|
|
"id": "T011",
|
|
"description": "Migration creates `entra_partner_connections` with expected required columns.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F013"
|
|
]
|
|
},
|
|
{
|
|
"id": "T012",
|
|
"description": "Unique active-connection constraint rejects second active connection for same tenant.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F014"
|
|
]
|
|
},
|
|
{
|
|
"id": "T013",
|
|
"description": "Migration creates `entra_managed_tenants` plus indexes used by discovery/mapping queries.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F015",
|
|
"F016"
|
|
]
|
|
},
|
|
{
|
|
"id": "T014",
|
|
"description": "Migration creates `entra_client_tenant_mappings` and enforces unique active mapping per discovered tenant.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F017",
|
|
"F018"
|
|
]
|
|
},
|
|
{
|
|
"id": "T015",
|
|
"description": "Migration creates `entra_sync_settings` with default cadence and toggle fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F019",
|
|
"F031"
|
|
]
|
|
},
|
|
{
|
|
"id": "T016",
|
|
"description": "Migration creates `entra_sync_runs` and expected status/count fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F020"
|
|
]
|
|
},
|
|
{
|
|
"id": "T017",
|
|
"description": "Migration creates `entra_sync_run_tenants` with valid foreign keys to parent sync runs.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F021"
|
|
]
|
|
},
|
|
{
|
|
"id": "T018",
|
|
"description": "Migration creates `entra_contact_links` with unique (`tenant`,`entra_tenant_id`,`entra_object_id`) constraint.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F022",
|
|
"F023"
|
|
]
|
|
},
|
|
{
|
|
"id": "T019",
|
|
"description": "Migration enforces one active Entra link per contact.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F024"
|
|
]
|
|
},
|
|
{
|
|
"id": "T020",
|
|
"description": "Migration creates `entra_contact_reconciliation_queue` and lookup indexes.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F025"
|
|
]
|
|
},
|
|
{
|
|
"id": "T021",
|
|
"description": "`clients` table contains `entra_tenant_id` and `entra_primary_domain` columns post-migration.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F026",
|
|
"F027"
|
|
]
|
|
},
|
|
{
|
|
"id": "T022",
|
|
"description": "`contacts` table contains Entra identity and sync metadata columns post-migration.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F028",
|
|
"F029",
|
|
"F030"
|
|
]
|
|
},
|
|
{
|
|
"id": "T023",
|
|
"description": "Existing tenants receive one default `entra_sync_settings` row during backfill migration.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F031"
|
|
]
|
|
},
|
|
{
|
|
"id": "T024",
|
|
"description": "New Entra interfaces/types compile and align with migration schema.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F032"
|
|
]
|
|
},
|
|
{
|
|
"id": "T025",
|
|
"description": "Mapping validation blocks duplicate assignment of one discovered tenant to multiple clients.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F018",
|
|
"F066"
|
|
]
|
|
},
|
|
{
|
|
"id": "T026",
|
|
"description": "Unmap action updates mapping state without deleting historical sync run data.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F064",
|
|
"F020",
|
|
"F021"
|
|
]
|
|
},
|
|
{
|
|
"id": "T027",
|
|
"description": "Remap action updates active mapping to target client and refreshes client linkage fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F065",
|
|
"F062",
|
|
"F063"
|
|
]
|
|
},
|
|
{
|
|
"id": "T028",
|
|
"description": "Disconnect flow does not remove existing sync run history rows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F044",
|
|
"F020",
|
|
"F021"
|
|
]
|
|
},
|
|
{
|
|
"id": "T029",
|
|
"description": "Schema defaults keep Entra sync metadata columns nullable for backward-compatible contact rows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F028",
|
|
"F029",
|
|
"F030"
|
|
]
|
|
},
|
|
{
|
|
"id": "T030",
|
|
"description": "Lookup indexes on discovered tenants and mappings are used by mapping preview queries.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F016",
|
|
"F018",
|
|
"F056"
|
|
]
|
|
},
|
|
{
|
|
"id": "T031",
|
|
"description": "Direct connect initiation rejects users lacking update permission.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F035",
|
|
"F119"
|
|
]
|
|
},
|
|
{
|
|
"id": "T032",
|
|
"description": "Direct connect initiation returns OAuth URL with encoded nonce/state.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F035"
|
|
]
|
|
},
|
|
{
|
|
"id": "T033",
|
|
"description": "Entra OAuth callback rejects missing/invalid code-state requests.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F036"
|
|
]
|
|
},
|
|
{
|
|
"id": "T034",
|
|
"description": "Entra OAuth callback persists token references and marks connection active.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F036",
|
|
"F043"
|
|
]
|
|
},
|
|
{
|
|
"id": "T035",
|
|
"description": "Direct token refresh updates stored access token and expiry fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F037",
|
|
"F038"
|
|
]
|
|
},
|
|
{
|
|
"id": "T036",
|
|
"description": "CIPP connect action validates base URL format and rejects invalid values.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Unit test retained in repo but not required for Phase 1 sign-off.",
|
|
"featureIds": [
|
|
"F039"
|
|
]
|
|
},
|
|
{
|
|
"id": "T037",
|
|
"description": "CIPP connect action stores API token via tenant secret provider (not plaintext DB field).",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Unit test retained in repo but not required for Phase 1 sign-off.",
|
|
"featureIds": [
|
|
"F039",
|
|
"F040"
|
|
]
|
|
},
|
|
{
|
|
"id": "T038",
|
|
"description": "Direct validation action succeeds with valid credentials and reachable tenant list.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F041",
|
|
"F047"
|
|
]
|
|
},
|
|
{
|
|
"id": "T039",
|
|
"description": "CIPP validation action succeeds with valid CIPP token and tenant endpoint response.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Validation route retained but not required for Phase 1 sign-off.",
|
|
"featureIds": [
|
|
"F042",
|
|
"F049"
|
|
]
|
|
},
|
|
{
|
|
"id": "T040",
|
|
"description": "Disconnect action clears provider-specific secrets and marks status disconnected.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F044"
|
|
]
|
|
},
|
|
{
|
|
"id": "T041",
|
|
"description": "Switching direct->CIPP removes stale direct tokens and vice versa.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. User-triggered switching is not exposed; defensive cleanup logic retained.",
|
|
"featureIds": [
|
|
"F045"
|
|
]
|
|
},
|
|
{
|
|
"id": "T042",
|
|
"description": "Credential resolver prefers tenant Microsoft credentials when both tenant id/secret are present.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F034"
|
|
]
|
|
},
|
|
{
|
|
"id": "T043",
|
|
"description": "Credential resolver falls back to env credentials when tenant pair is absent.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F034"
|
|
]
|
|
},
|
|
{
|
|
"id": "T044",
|
|
"description": "Credential resolver falls back to app secrets when tenant/env are absent.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F034"
|
|
]
|
|
},
|
|
{
|
|
"id": "T045",
|
|
"description": "Secret key constants map all required direct/CIPP secret names consistently.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F033"
|
|
]
|
|
},
|
|
{
|
|
"id": "T046",
|
|
"description": "Provider factory returns direct adapter when connection type is direct.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F046",
|
|
"F047",
|
|
"F048"
|
|
]
|
|
},
|
|
{
|
|
"id": "T047",
|
|
"description": "Provider factory returns CIPP adapter when connection type is cipp.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Factory path retained in code for future reinstatement.",
|
|
"featureIds": [
|
|
"F046",
|
|
"F049",
|
|
"F050"
|
|
]
|
|
},
|
|
{
|
|
"id": "T048",
|
|
"description": "Direct adapter tenant responses normalize into canonical managed-tenant DTO fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F047"
|
|
]
|
|
},
|
|
{
|
|
"id": "T049",
|
|
"description": "Direct adapter user responses normalize into canonical sync-user DTO fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F048"
|
|
]
|
|
},
|
|
{
|
|
"id": "T050",
|
|
"description": "CIPP adapter tenant responses normalize into canonical managed-tenant DTO fields.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Adapter test retained in repo but not required for Phase 1 sign-off.",
|
|
"featureIds": [
|
|
"F049"
|
|
]
|
|
},
|
|
{
|
|
"id": "T051",
|
|
"description": "CIPP adapter user responses normalize into canonical sync-user DTO fields.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Adapter test retained in repo but not required for Phase 1 sign-off.",
|
|
"featureIds": [
|
|
"F050"
|
|
]
|
|
},
|
|
{
|
|
"id": "T052",
|
|
"description": "Discovery action inserts new managed tenants and updates existing rows idempotently.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F051",
|
|
"F052"
|
|
]
|
|
},
|
|
{
|
|
"id": "T053",
|
|
"description": "Discovery action updates changed display name/domain for previously discovered tenant rows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F052"
|
|
]
|
|
},
|
|
{
|
|
"id": "T054",
|
|
"description": "Discovery action persists provider user counts per managed tenant.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F052"
|
|
]
|
|
},
|
|
{
|
|
"id": "T055",
|
|
"description": "Exact domain match appears in `autoMatched` preview group.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F053",
|
|
"F056"
|
|
]
|
|
},
|
|
{
|
|
"id": "T056",
|
|
"description": "Secondary-domain match path contributes candidate confidence values.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F054",
|
|
"F056"
|
|
]
|
|
},
|
|
{
|
|
"id": "T057",
|
|
"description": "Fuzzy match candidates are sorted by score and never auto-confirmed.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F055",
|
|
"F056"
|
|
]
|
|
},
|
|
{
|
|
"id": "T058",
|
|
"description": "Preview returns unmatched list when no candidate crosses threshold.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F056"
|
|
]
|
|
},
|
|
{
|
|
"id": "T059",
|
|
"description": "Mapping table UI supports selecting candidate client for fuzzy/unmatched entries.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F057",
|
|
"F058"
|
|
]
|
|
},
|
|
{
|
|
"id": "T060",
|
|
"description": "Skip control marks tenant mapping row as skipped without creating active mapping.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F059"
|
|
]
|
|
},
|
|
{
|
|
"id": "T061",
|
|
"description": "Bulk accept marks all exact auto matches as selected pending confirm.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F060"
|
|
]
|
|
},
|
|
{
|
|
"id": "T062",
|
|
"description": "Confirm mappings persists only selected mappings and does not write during preview stage.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F061"
|
|
]
|
|
},
|
|
{
|
|
"id": "T063",
|
|
"description": "Confirm mappings updates mapped client rows with Entra tenant id and primary domain.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F062"
|
|
]
|
|
},
|
|
{
|
|
"id": "T064",
|
|
"description": "Remap operation preserves one active mapping row and updates previous mapping state.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F063",
|
|
"F065"
|
|
]
|
|
},
|
|
{
|
|
"id": "T065",
|
|
"description": "Mapping summary counters reflect mapped/skipped/review counts after confirm.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F067"
|
|
]
|
|
},
|
|
{
|
|
"id": "T066",
|
|
"description": "`Run Initial Sync` CTA remains disabled when there are zero confirmed mappings.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F068"
|
|
]
|
|
},
|
|
{
|
|
"id": "T067",
|
|
"description": "Skipped tenants panel lists skipped entries and allows remap entry.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F069"
|
|
]
|
|
},
|
|
{
|
|
"id": "T068",
|
|
"description": "Mapping wizard remains inaccessible while `entra-integration-ui` flag is off.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F070"
|
|
]
|
|
},
|
|
{
|
|
"id": "T069",
|
|
"description": "Entra Temporal types compile and are consumed by workflows/activities without `any` leakage.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F071"
|
|
]
|
|
},
|
|
{
|
|
"id": "T070",
|
|
"description": "`entraDiscoveryWorkflow` executes discovery activities in expected order.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F072",
|
|
"F076"
|
|
]
|
|
},
|
|
{
|
|
"id": "T071",
|
|
"description": "`entraInitialSyncWorkflow` loads mapped tenants then processes each tenant sync.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F073",
|
|
"F077",
|
|
"F078"
|
|
]
|
|
},
|
|
{
|
|
"id": "T072",
|
|
"description": "`entraTenantSyncWorkflow` only syncs requested tenant mapping context.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F074",
|
|
"F078"
|
|
]
|
|
},
|
|
{
|
|
"id": "T073",
|
|
"description": "`entraAllTenantsSyncWorkflow` processes all active mapped tenants.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F075",
|
|
"F077",
|
|
"F078"
|
|
]
|
|
},
|
|
{
|
|
"id": "T074",
|
|
"description": "`upsertSyncRunActivity` creates parent sync run with initiating user and mode.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F079"
|
|
]
|
|
},
|
|
{
|
|
"id": "T075",
|
|
"description": "`recordSyncTenantResultActivity` writes per-tenant result rows and counters.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F081"
|
|
]
|
|
},
|
|
{
|
|
"id": "T076",
|
|
"description": "`finalizeSyncRunActivity` marks run terminal state and summary totals.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F080"
|
|
]
|
|
},
|
|
{
|
|
"id": "T077",
|
|
"description": "Workflow registration index exports all new Entra workflows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F082"
|
|
]
|
|
},
|
|
{
|
|
"id": "T078",
|
|
"description": "Activity registration index exports all new Entra activities.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F083"
|
|
]
|
|
},
|
|
{
|
|
"id": "T079",
|
|
"description": "EE workflow client can start initial sync and returns workflow/run IDs.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F084",
|
|
"F085"
|
|
]
|
|
},
|
|
{
|
|
"id": "T080",
|
|
"description": "EE workflow client can start all-tenant sync and returns workflow/run IDs.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F084",
|
|
"F086"
|
|
]
|
|
},
|
|
{
|
|
"id": "T081",
|
|
"description": "EE workflow client can start single-client sync and returns workflow/run IDs.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F084",
|
|
"F087"
|
|
]
|
|
},
|
|
{
|
|
"id": "T082",
|
|
"description": "Progress query endpoint returns run-level and tenant-level status data for polling.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F088"
|
|
]
|
|
},
|
|
{
|
|
"id": "T083",
|
|
"description": "Mapping confirm action can optionally start initial sync workflow and persist run id.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F085"
|
|
]
|
|
},
|
|
{
|
|
"id": "T084",
|
|
"description": "Manual `Sync All Tenants Now` action starts expected workflow type.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F086",
|
|
"F113"
|
|
]
|
|
},
|
|
{
|
|
"id": "T085",
|
|
"description": "Manual client-level sync action starts expected single-tenant workflow type.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F087",
|
|
"F114"
|
|
]
|
|
},
|
|
{
|
|
"id": "T086",
|
|
"description": "Schedule setup creates Entra recurring sync schedule when not present.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F089"
|
|
]
|
|
},
|
|
{
|
|
"id": "T087",
|
|
"description": "Schedule setup updates existing Entra schedule definition when already present.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F089"
|
|
]
|
|
},
|
|
{
|
|
"id": "T088",
|
|
"description": "Workflow IDs are deterministic/deduplicated for repeated manual trigger collisions.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F090"
|
|
]
|
|
},
|
|
{
|
|
"id": "T089",
|
|
"description": "Workflow run with no mapped tenants completes gracefully with zero-processed summary.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F073",
|
|
"F075"
|
|
]
|
|
},
|
|
{
|
|
"id": "T090",
|
|
"description": "Adapter failure in tenant sync marks tenant result failed and parent run failed/partial as designed.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F078",
|
|
"F080",
|
|
"F081"
|
|
]
|
|
},
|
|
{
|
|
"id": "T091",
|
|
"description": "Sync filter excludes disabled Entra users (`accountEnabled=false`).",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F092"
|
|
]
|
|
},
|
|
{
|
|
"id": "T092",
|
|
"description": "Sync filter excludes users missing valid UPN/email identity.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F092"
|
|
]
|
|
},
|
|
{
|
|
"id": "T093",
|
|
"description": "Default service-account patterns are excluded from sync candidate set.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F093"
|
|
]
|
|
},
|
|
{
|
|
"id": "T094",
|
|
"description": "Tenant custom exclusion patterns are applied on top of default filters.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F094"
|
|
]
|
|
},
|
|
{
|
|
"id": "T095",
|
|
"description": "Exact email match links to existing contact and does not create duplicate contact.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F095",
|
|
"F096"
|
|
]
|
|
},
|
|
{
|
|
"id": "T096",
|
|
"description": "No email match creates a new contact under the mapped client.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F097"
|
|
]
|
|
},
|
|
{
|
|
"id": "T097",
|
|
"description": "Multiple plausible matches generate reconciliation queue item instead of auto-link.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F098"
|
|
]
|
|
},
|
|
{
|
|
"id": "T098",
|
|
"description": "Name-only similarity without email never auto-links a contact.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F099"
|
|
]
|
|
},
|
|
{
|
|
"id": "T099",
|
|
"description": "Linking/new-contact paths persist Entra object id/source metadata fields.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F100"
|
|
]
|
|
},
|
|
{
|
|
"id": "T100",
|
|
"description": "Field sync toggle OFF prevents display-name overwrite on existing contacts.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F101"
|
|
]
|
|
},
|
|
{
|
|
"id": "T101",
|
|
"description": "Field sync toggle ON allows display-name overwrite for linked contacts.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F101"
|
|
]
|
|
},
|
|
{
|
|
"id": "T102",
|
|
"description": "Field sync toggle ON allows UPN overwrite for linked contacts.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F101"
|
|
]
|
|
},
|
|
{
|
|
"id": "T103",
|
|
"description": "Disabled upstream user marks linked contact inactive with sync reason.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F102"
|
|
]
|
|
},
|
|
{
|
|
"id": "T104",
|
|
"description": "Deleted upstream user marks linked contact inactive with sync reason.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F103"
|
|
]
|
|
},
|
|
{
|
|
"id": "T105",
|
|
"description": "Disabled/deleted handling never deletes contact rows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F104"
|
|
]
|
|
},
|
|
{
|
|
"id": "T106",
|
|
"description": "Every processed contact gets `last_entra_sync_at` refreshed.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F105"
|
|
]
|
|
},
|
|
{
|
|
"id": "T107",
|
|
"description": "Contact link records refresh `last_seen_at` and status per sync.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F106"
|
|
]
|
|
},
|
|
{
|
|
"id": "T108",
|
|
"description": "Per-tenant counters include created count accurately.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F107"
|
|
]
|
|
},
|
|
{
|
|
"id": "T109",
|
|
"description": "Per-tenant counters include linked count accurately.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F107"
|
|
]
|
|
},
|
|
{
|
|
"id": "T110",
|
|
"description": "Per-tenant counters include ambiguous count accurately.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F107"
|
|
]
|
|
},
|
|
{
|
|
"id": "T111",
|
|
"description": "Dry-run sync mode performs no DB writes while returning preview counters.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F108"
|
|
]
|
|
},
|
|
{
|
|
"id": "T112",
|
|
"description": "Sync result serializer output remains stable across success/failure run states.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F109"
|
|
]
|
|
},
|
|
{
|
|
"id": "T113",
|
|
"description": "Retry of same tenant sync does not duplicate `entra_contact_links` rows.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F110"
|
|
]
|
|
},
|
|
{
|
|
"id": "T114",
|
|
"description": "Retry of same tenant sync does not duplicate contact creation for same Entra identity.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F110"
|
|
]
|
|
},
|
|
{
|
|
"id": "T115",
|
|
"description": "Reconciliation queue item stores tenant/client context and candidate detail payload.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F025",
|
|
"F098",
|
|
"F115"
|
|
]
|
|
},
|
|
{
|
|
"id": "T116",
|
|
"description": "Resolve queue -> existing contact links identity and marks queue item resolved.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F116"
|
|
]
|
|
},
|
|
{
|
|
"id": "T117",
|
|
"description": "Resolve queue -> new contact creates contact/link and marks queue item resolved.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F117"
|
|
]
|
|
},
|
|
{
|
|
"id": "T118",
|
|
"description": "Queue resolve rejects cross-client or cross-tenant contact targets.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F116",
|
|
"F117"
|
|
]
|
|
},
|
|
{
|
|
"id": "T119",
|
|
"description": "Single-client sync only processes identities belonging to that mapped client tenant.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F087",
|
|
"F118"
|
|
]
|
|
},
|
|
{
|
|
"id": "T120",
|
|
"description": "All-tenant sync skips entries currently marked as skipped mappings.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F059",
|
|
"F075"
|
|
]
|
|
},
|
|
{
|
|
"id": "T121",
|
|
"description": "Settings status panel shows connection type/status, last discovery, mapping counts, and interval.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F111"
|
|
]
|
|
},
|
|
{
|
|
"id": "T122",
|
|
"description": "Sync history panel renders latest run list sorted by started time.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F112"
|
|
]
|
|
},
|
|
{
|
|
"id": "T123",
|
|
"description": "Sync history drilldown displays per-tenant outcome rows and counts.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F112",
|
|
"F021"
|
|
]
|
|
},
|
|
{
|
|
"id": "T124",
|
|
"description": "`Sync All Tenants Now` button disabled when no active mapping exists.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F113",
|
|
"F068"
|
|
]
|
|
},
|
|
{
|
|
"id": "T125",
|
|
"description": "`Sync All Tenants Now` button enabled once at least one active mapping exists.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F113",
|
|
"F068"
|
|
]
|
|
},
|
|
{
|
|
"id": "T126",
|
|
"description": "Client-level sync action is shown for mapped clients and hidden for unmapped clients.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F114"
|
|
]
|
|
},
|
|
{
|
|
"id": "T127",
|
|
"description": "Client-level sync action returns run id and begins status polling successfully.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F114",
|
|
"F088"
|
|
]
|
|
},
|
|
{
|
|
"id": "T128",
|
|
"description": "Ambiguous queue panel hidden when `entra-integration-ambiguous-queue` is disabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F012",
|
|
"F115"
|
|
]
|
|
},
|
|
{
|
|
"id": "T129",
|
|
"description": "Ambiguous queue panel visible when `entra-integration-ambiguous-queue` is enabled.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F012",
|
|
"F115"
|
|
]
|
|
},
|
|
{
|
|
"id": "T130",
|
|
"description": "Client portal user cannot access Entra settings actions/routes (403/forbidden response).",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F118"
|
|
]
|
|
},
|
|
{
|
|
"id": "T131",
|
|
"description": "Client portal user cannot trigger manual sync endpoints/actions.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F118"
|
|
]
|
|
},
|
|
{
|
|
"id": "T132",
|
|
"description": "Internal user without `system_settings.read` cannot read Entra status/mapping views.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F119"
|
|
]
|
|
},
|
|
{
|
|
"id": "T133",
|
|
"description": "Internal user without `system_settings.update` cannot connect, map, or start sync.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F119"
|
|
]
|
|
},
|
|
{
|
|
"id": "T134",
|
|
"description": "Internal user with required permissions can complete connect -> discover -> map -> sync flow.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F035",
|
|
"F051",
|
|
"F061",
|
|
"F113",
|
|
"F119"
|
|
]
|
|
},
|
|
{
|
|
"id": "T135",
|
|
"description": "EE docs include both direct and CIPP setup paths and decision guidance.",
|
|
"implemented": true,
|
|
"descoped": true,
|
|
"descopedNote": "Descoped 2026-04-17 — CIPP removed from Phase 1. Docs should now cover Direct setup only; CIPP decision guidance is no longer required. Docs update is tracked as T135b.",
|
|
"featureIds": [
|
|
"F120"
|
|
]
|
|
},
|
|
{
|
|
"id": "T135b",
|
|
"description": "EE docs cover Direct Microsoft partner auth setup as the sole Phase 1 connection path, and note that CIPP has been descoped from Phase 1.",
|
|
"implemented": false,
|
|
"featureIds": [
|
|
"F120"
|
|
]
|
|
},
|
|
{
|
|
"id": "T136",
|
|
"description": "EE docs include Entra secret names and note secret-provider/vault compatibility.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F033",
|
|
"F120"
|
|
]
|
|
},
|
|
{
|
|
"id": "T137",
|
|
"description": "EE docs describe additive sync and non-overwrite behavior with field-sync toggles.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F101",
|
|
"F104",
|
|
"F120"
|
|
]
|
|
},
|
|
{
|
|
"id": "T138",
|
|
"description": "EE docs describe feature-flag rollout order for pilot tenants.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F010",
|
|
"F120"
|
|
]
|
|
},
|
|
{
|
|
"id": "T139",
|
|
"description": "Disabling `entra-integration-ui` hides settings UI without deleting connection/mapping data.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F006",
|
|
"F007"
|
|
]
|
|
},
|
|
{
|
|
"id": "T140",
|
|
"description": "Disabling `entra-integration-client-sync-action` hides client action while preserving server-side run history.",
|
|
"implemented": true,
|
|
"featureIds": [
|
|
"F009",
|
|
"F020",
|
|
"F021"
|
|
]
|
|
}
|
|
]
|