US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Access right management

Password management

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Password management

Password management 


Password management in Efecte IGA solution is part of access right management (ARM) process and it is depending on the automation level (delivered connectors and integrations) if passwords are managed manually or automatically. 

Password management is related also to authentication and in most cases strong authentication is required when passwords are managed. 

Please notice, that IGA packages (Starter, Growth, Enterprise) has affect to the use case and relating functionalities such as user privilege- or physical access management, etc.


Use cases in a nutshell, 

1. User changes own password in Self-Service 

  • User authenticates to Self-Service
    • Most commonly strong authentication is added to the process when user is changing forgotten password, but often current password can be changed without strong authentication. 
  • User open "change my password" service in Self-Service
  • User selects correct account/application, which password he/she is changing (if user has only one account, then this option is not visible)
  • User types new password and confirms the request 
  • IGA solution changes users password to the directories and/or applications according to automation level


2. Centralized group of users (password managers) can change other users passwords in Self-Service (like for example assistants or IT support)

  • Password manager authenticates to Self-Service
    • Strong authentication can be added to the process
  • Password manager opens "change passwords" service in Self-Service
  • Password manager selects correct user
  • Password manager selects correct account/application in case there are several possibilities
  • Password manager types new password and confirms the request 
  • IGA solution changes users password to the directories and/or applications according to automation level
  • Password can be sent to user via email or text message (requires sms-gateway to be in place)


3. Admin changes users passwords in IGA solution

  • Admin authenticates to IGA solution
    • Strong authentication can be added to the process
  • Admin selects correct IGA account
  • Admin can change users password or unlock users account
  • Admin types new password and saves the request
  • IGA solution changes users password to the directories and/or applications according to automation level
  • Password can be sent to user via email or text message (requires sms-gateway to be in place)




Use case description for end-users


This use case contains is part of all IGA packages, but it can be expanded with Bank ID authentication (Strong authentication) or Two-Factor authentication (2FA), these are always add-ones to the package. 


This use case contains all functionalities for all Efecte IGA packages, different package content has been marked

* User lifecycle management add-on

** IGA Growth package

*** Only available for IGA Enterprise package



 Description

Overview

In this use case are described use cases how user can request password change or how user can reset own current or forgotten password.

Operators

IGA solution
Self-Service 
User
IGA Admin

Prerequisites

Change password services are published in Self-Service in own site (and possible add-on for strong authentication is configured). 

If user needs to be able to access password change services out side of organizations network, Self-Service needs to be available in the public network. 

Needed connectors and integrations are delivered and those are supporting password change to the directories and applications. 

Result

Users password has been changed to the directory or application, or there is manual task created for the password change. 

Password has been delivered to the user via email, text message or it has been verbally given to the user. 

Operating chain for change my password (no strong authentication)
  1. User authenticates to Self-Service Portal by using

    • SAML
    • OAuth 
    • User federation
    • Azure SSO
    • ADFS
    • Local ESM User

  2. User opens "Change my password" service from the Self-Service 

  3. User type's in new password

    • If user has several accounts, which password can be changed, user needs to select correct account first

  4. IGA solution receives information and starts provisioning

    • IGA solution waits response from the directory and updates information to Self-Service 

    • If password is manually changed, admin task is created to admins

  5. Auditing details are saved.
Operating chain for change my forgotten password (with strong authentication)
  1. User authenticates to Self-Service by using

    • Bank ID
    • OTP
    • Two-Factor Authentication (2FA)

  2. User opens "Change my password" service from the Self-Service 

  3. User type's in new password

    • If user has several accounts, which password can be changed, user needs to select correct account first

  4. IGA solution receives information and starts provisioning

    • IGA solution waits response from the directory or application and updates information to Self-Service 

    • If password is manually changed, admin task is created to admins

  5. Auditing details are saved.
Operating chain for Password manager
  1. Password manager authenticates to Self-Service by using

    • SAML
    • OAuth 
    • User federation
    • Azure SSO
    • ADFS
    • Bank ID
    • OTP
    • Two-Factor Authentication (2FA)

  2. Password manager opens "Change passwords" service from the Self-Service 

  3. Password manager chooses correct user from the list

    • Password manager needs to choose also users account, if user has several accounts

    • Password manager can change all users passwords or customer can define limitations like for example based on organizational units

  4. Password manager type's in new password

  5. IGA solution receives information and starts provisioning

    • IGA solution waits response from the directory and updates information to Self-Service 

    • If password is manually changed, admin task is created to admins

    • IGA solution sends new password via email, text message or it can be given verbally to the user

  6. Auditing details are saved.
Self-Service Change my password
Change passwords
Messages Users password can be delivered via email, text message or verbally.
Email notification can be sent to the user, who's password has been changed. 

Delete

Use case description for IGA admins


This use case contains all functionalities for all Efecte IGA packages, different package content has been marked

* User lifecycle management add-on

** IGA Growth package

*** Only available for IGA Enterprise package



 Description

Overview

IGA solution is centralized point for user lifecycle and access right management, this use case describes how IGA admin (or other delegated group, for example IT-support) can reset or unlock users passwords. 

Operators

IGA Solution
IGA admin

Prerequisites

Customer has pointed IGA admin role to at least one person, preferably to two persons. 

Needed connectors and integrations are delivered and those are supporting password change to the directories or applications.

Result

Users password has been changed and delivered to the user. 

Operating chain
  1. IGA admin opens Efecte IGA solution

  2. IGA admin opens users IGA Account -datacard

  3. IGA admin can

    • Reset users passwords to directories by adding new password to the IGA Account datacard
        
    • Unlock users password, if there has being to many failed login attempts (not available to all directories)
       
  4. When data card is saved new password or reset is provisioned towards directory or application

    • Or admin task is generated for manual password change

  5. Changed password can be delivered via email, text message or verbally to the user. 

  6. Auditing details are saved.

Messages

Password can be sent to user via email or text message.
Delete

Expansion possibilities


Expansion possibilities are categorized in three category, but it is always important to validate if requested change has affect to the delivery schedule or work estimations. 


Category Description
Small 
(less than hour) 		Small changes does not usually affect to the delivery schedule or work estimations and these changes can be done also by IGA admins, 
  • Attribute naming 
  • Info text's, 
  • Background, logo's, language
  • Changes to email or text message content
Medium 
(0,5 - 2 work days) 		Medium changes can be for example, 
  • Strong authentication
  • New services to Self-Service
  • New connector (new customer directory or application)
Large
(more than 2 work days) 		Large changes usually takes longer time, since they require more detailed definition-, and testing work. Those can be for example, 
  • Password change for privilege accesses
  • PIN-code change for physical accesses


Delete

Relations and configuration instructions


Relations to other use cases, 

Provisioning - is required for changing the password automatically to the directories or applications, or manually by creating IGA admin task.

Manage admin tasks - use case for IGA admins to be able to get notifications in case there is a need for manual action

Manage IGA account - is required when password is changed from the IGA solution

Lock user account*** - in case users accounts and accesses needs to be immediately locked, usually passwords are changed simultaneously 

Manage privilege accesses*** - use case contains possibility to change also privilege accounts passwords

Manage physical accesses*** - usually physical accesses contains own separate PIN code, which user can change by themselves from Self-Service

Audits and reports - ready-made reports and dashboards for monitoring access right removals

Manage IGA users - use case is required for end-users and admins to be able to access Self-Service or IGA solution. 

Relations to other data cards, 

IGA Account
IGA Service Request


Delete

Notice!

There are two different configuration and system testing instructions, make sure you follow the correct one. 


1. Configuration instructions for IGA admin actions 

1. Go to IGA Manage Passwords template and workflow called "Account Management Action Workflow"

2. Check the workflow nodes 

3. Publish the workflow


1.1 System testing instructions for IGA admin actions

1. Test user must be Efecte ESM admin. Admins are usually managed by Efecte_IGA_Admins Directory Group. 

2. Before testing ESM must contain:

  • IGA Accounts
  • Reset User's password from the IGA account template

3. Test user's account password and try login with new password

4. Unlock User's account from the IGA account template

5. Check from the target directory that account is unlocked


2. Configuration instructions for end-users

  1. Publish service "Change My Password" in ESS

  2. Publish service "Change Password" in ESS

  3. Configure EPEtask called "[Directory] IGA Service request: Verify, Add, Remove"
    • Configure the connection settings and after that Test connection from the EPEtask
    • Define user and group filters and settings
    • No need to change user identity mappings

  4. Go to IGA service request and workflow called "5. IGA Change Password"
    • Publish the workflow

2.1 System testing instructions for end-user services

  1. Create test users, all types like admin, user and password manager
  2. Authenticate to Self-Service and validate that only agreed password related services are visible
  3. Test Change password services from ESS
    • Check the IGA Service request from ESM that is successfully executed
    • Test the login with directory user that new password is changed and working
Delete


self service password change

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Self-Service: Request access rights
  • Self-Service: Remove access rights

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand