Manage IGA Accounts

 

This use case describes the IGA Set Account Information and IGA Account datacard functionalities, which are used when new users are created in or updated to the IGA solution.

IGA Set Account Information datacards need to be created before users can be created in the IGA solution or in the Customer's directories. IGA Admins can easily add new types of users to be created with a certain type of credentials; for example, internal and external users usually have different types of credentials for the applications.

 

IGA Set Account Information datacard is used for defining:

1. General and directory information

2. Email settings

3. Password settings

4. Validation

5. Account settings

6. Communication

7. Privilege Accounts***

8. Physical Access Accounts***

 

IGA Account is used for:

1. Receiving user account data from the directory (via Efecte Provisioning Engine) or applications (via integration)

2. Receiving service account*** data from the directory (via Efecte Provisioning Engine)

3. IGA Admin actions towards the directory (via Efecte Provisioning Engine) or applications (via integration)

 

 

 

Use Case Description

 

This use case contains all functionalities for all Efecte IGA packages. Package-specific content is marked as follows:

* Add-on to IGA Starter package

** Add-on to IGA Growth package

*** Only available for IGA Enterprise package

 

  Description
Overview

This use case describes how credentials are created for different types of users, for example internal and external users.

The IGA Admin can manage and add new rules for different user types.

This use case is used when IGA Accounts are created. If the Customer is using the IGA Enterprise package, privilege accounts are also created by using the IGA Set Account Information datacard.

Operators

IGA solution
IGA Admin

Prerequisites

The user's personal, organizational, and work-period-related information is received from the Customer's source system or from the Efecte Self-Service Portal.

Result

The new user is established in the IGA solution and has unique IDs, credentials for accessing the Customer's applications are delivered to the correct users, and the necessary parties are informed.

When user information is updated, the necessary parties are informed.

Operating chain for creating accounts
  1. New user information is received via an integration with the Customer's source system or via the Efecte Self-Service Portal

    • When the workflow starts creating a new user, the required information is validated against the IGA Set Account Information datacard

    • The IGA Admin opens the IGA Set Account Information view, chooses "New" and fills in the required information

       
    • General Information
      • Name and description allow IGA Admins to differentiate between rules

      • Directory is chosen if the Customer has several directories as provisioning targets

      • Account type: Normal, Physical Access Account***, Privilege Account***, Service Account*, Other***

      • User type is the user attribute that determines which users are created based on these rules and settings.

         
    • Birth rights
      • Which IGA Entitlements are automatically added to the new user

        • Provisioning type needs to be automatic for these entitlements

           
      • Which IGA Business Roles are automatically added to the new user

        • Provisioning type needs to be automatic for all IGA Entitlements and sub-roles added to the business role

      • If IGA Automated rules apply to the new user, birth rights are overwritten based on the automated rule

         
    • Email Settings
      • The email rule offers predefined options for which attributes are used when the user's email address is created

        • First name.Last name
        • Last name.First name
        • Spoken name.Last name
        • Last name.Spoken name

      • Email domain

        • Several email addresses with different domains can be created for the new user, but each address is formed with the same email rule

        • Prefix or suffix added to the email address (for example EXT-prefix for external users)

        • Rules for users with the same name

          • Character used in the email address for users with the same name

          • Whether the email address is updated for both users with the same name, and whether the process requires manual intervention by an IGA Admin (for example, if the other user needs to be informed before the name change is provisioned)

             
    • Account Settings
      • The required data content depends on the selected target system

        • AD: sAMAccountName, cn, displayName, userPrincipalName, DN

           
        • Azure AD: userPrincipalName

           
        • OpenLDAP: cn

           
    • Password Settings
      • Password length 

         
      • Allowed or denied letters in the password

         
      • First time password receiver

        • Manager

           
        • Email to the user's email address (requires that the email address is in the IGA solution and email settings are configured)

        • Text message to the user's phone number (requires that phone numbers are in the IGA solution and the Customer is using an SMS gateway service)

           
        • None, password is not delivered

           
    • Validation
      • Maximum validation (days). If no validation is set, the user's account remains active for the time being

      • How many days ahead the renewal request is sent to the Self-Service Portal for the Manager's approval

        • The IGA solution automatically suggests a new validation based on the IGA Set Account Information datacard's maximum validation days

        • The Manager can only approve or decline the suggested validation

      • How many days ahead the second renewal reminder is sent to the Manager (email notification)

      • Email license removal after (days): how many days after the employment end date email-related licenses are removed

      • Other Entitlement removal after (days): how many days after the employment end date IGA Entitlements are removed from the IGA Account

      • IGA Account removal after (days): how many days after the employment end date the IGA Account(s) are removed from the directories

      • Move IGA Account after (days): how many days after the employment end date the IGA Account is moved to another OU (applies in AD and in OpenLDAP)

      • Approval level (the same levels that an IGA Entitlement has)
        • If approval is required, Approvers need to be defined

           
    • Communication
      • Email content for each receiver

        • Basic: Information without sensitive data (Customer needs to define email content)

           
        • Secure: Information with sensitive data (Customer needs to define email content)

           
      • How many days ahead information is sent to all receivers when a new user is created or departing user information is received

        • If no days are set, information is sent when the start or end date occurs

        • Email notifications are also sent if account validation has been continued via the Self-Service Portal

      • Receivers:

        • Email addresses where information about the new user creation is sent

        • Support groups where a ticket about the new user creation is sent

        • Email addresses where information about a departing user is sent

        • Support groups where a ticket with information regarding departing users is sent

        • Email addresses where information about a user update is sent

           
  2. IGA Admin updates existing IGA Set Account Information

    • IGA Admin opens existing datacard by choosing "Edit all" from the IGA Set Account Information view

       
    • The IGA Admin can update all information except the unique ID created for the rule (Efecte ID)

    • The IGA Admin can inactivate the datacard, which means that emails are sent if user information is updated, but the settings do not apply to new users

    • The IGA Admin can remove an existing IGA Set Account Information datacard by choosing status as Inactive

      • If the datacard is inactive, it does not start any provisioning, but users matching the removed user type are not able to have credentials, and emails regarding departing or updated users are not sent.

 

Users' IGA Accounts are now created based on the settings made in the IGA Set Account Information datacard.

Operating chain for Privilege Accounts***

This operating chain applies if the Customer has the IGA Enterprise package and the use cases for managing and requesting privilege accesses are implemented.

  1. The IGA Admin opens the IGA Set Account Information view and selects new (datacard)

    • The IGA Admin fills in General and Directory Information

      • Name and description

         
      • Target system (directory or application)

         
    • The IGA Admin can now choose whether a privilege account is created by setting Account type to "Privilege account"

      • The IGA Admin chooses the Privilege account type (the list is shown based on Account type)

        • AD Domain Admin
          • This can be for example Domain Administrator

        • AD Admin other
          • This can be for example OU Administrator

        • Azure AD Admin
          • This can be for example Owner in Azure AD

        • Azure AD Admin other
          • This can be for example User Access Administrator in Azure AD

        • OpenLDAP Admin
          • This can be for example OpenLDAP Administrator

        • Application Admin
          • This can be an Admin user of any application with which the IGA solution has been integrated

             
      • Language rule

         
    • Account settings

      • Account name

        • Use the user's existing ID
          • Employee Number
          • SamAccountName
          • UPN
          • IGA ID

        • Use new format
          • See the required attributes in the operating chain for creating accounts (CN, cn, UPN, SAN etc.)

             
      • Optional prefix

         
      • Optional suffix

         
    • Communication (see the operating chain for creating accounts)

    • Password settings (see the operating chain for creating accounts)

    • Validation

      • Maximum validation days become mandatory when a privilege account is created

  2. If the "Request Privilege Account" service is used from the Self-Service Portal, the user's IGA Account for privilege accesses is created based on these settings.

     
  3. IGA Access Right Records are created and audit details are saved. 
Operating chain for physical accounts

This operating chain applies if the Customer has the IGA Enterprise package and the use cases for managing and requesting physical accesses are implemented.

  1. The IGA Admin opens the IGA Set Account Information view and selects new (datacard)

    • The IGA Admin fills in General and Directory or Application Information

      • Name and description

      • Target system (directory or application)

    • The IGA Admin can now choose whether a physical account is created by setting Account type to "Physical account", and fills in the required information

      • Language rule

         
      • Account settings

         
      • Account name

        • Use the user's existing ID
          • Employee Number
          • SamAccountName
          • Email
          • IGA ID

             
      • Optional prefix

         
      • Optional suffix

         
    • Communication (see the operating chain for creating accounts)

    • First time PIN code settings

      • Random

        • Set the number of digits or characters

      • Fixed
        • Add a fixed PIN code (this is not recommended)

  2. If the "Physical Access Service" is used from the Self-Service Portal, the user's IGA Account for physical accesses is created based on these settings.

     
  3. IGA Access Right Records are created and auditing details are saved.
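
The password settings and first-time PIN settings described in the operating chains above, as an added sketch (not Efecte or Matrix42 code): it draws first-time secrets from a CSPRNG while honouring length and allowed/denied characters, and estimates how much those settings shrink the search space. The function names and the default character set are assumptions made for the illustration.

```python
import math
import secrets
import string
from typing import Optional

# Assumed default character set; the allowed/denied settings narrow it.
DEFAULT_CHARS = string.ascii_letters + string.digits + "!#%+-=?@_"


def usable_alphabet(allowed: Optional[str] = None, denied: str = "") -> list:
    """Characters left after applying the allowed and denied settings."""
    base = allowed if allowed is not None else DEFAULT_CHARS
    alphabet = sorted(set(base) - set(denied))
    if len(alphabet) < 2:
        # A one-character alphabet is as predictable as a fixed PIN.
        raise ValueError("allowed/denied settings leave fewer than two characters")
    return alphabet


def first_time_password(length: int, allowed: Optional[str] = None,
                        denied: str = "") -> str:
    """Random first-time password of the configured length."""
    if length < 1:
        raise ValueError("length must be positive")
    alphabet = usable_alphabet(allowed, denied)
    # secrets uses the OS CSPRNG; the random module is not suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def first_time_pin(digits: int) -> str:
    """Random numeric PIN (the 'Random' setting); leading zeros are kept."""
    return first_time_password(digits, allowed=string.digits)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on guessing entropy for a uniformly random secret."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed settings: 16 characters, look-alike characters denied.
    denied = "O0Il1"
    size = len(usable_alphabet(denied=denied))
    print(first_time_password(16, denied=denied), round(entropy_bits(16, size), 1))
    print(first_time_pin(6), round(entropy_bits(6, 10), 1))  # about 19.9 bits
```

A fixed PIN contributes no entropy at all, since every account created from the datacard receives the same value.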
Operating chain for IGA Account

When a user is created according to IGA Set Account Information, or account information is read from the directory (via Efecte Provisioning Engine) or an application (via integration; limitations can appear if the integration or target system does not allow all functions), the IGA Admin can manage the IGA Account datacard and perform the following actions (from the IGA Admin Actions class).

  1. The IGA Admin opens the IGA Account datacard and chooses from IGA Admin Actions (class) which type of action needs to be performed

    • Sync account: this action syncs information between the IGA Account and the user account (located in the directory). The IGA Account is updated with the information located in the directory.

      • If HR integration is implemented, the information located in the directory is overwritten during the next data read

    • The account action Reset password changes the user's password in the directory

      • The IGA Admin fills in the new password field

      • The IGA Admin chooses whether the password needs to be changed during the next login

    • The account action Unlock account: if the user has entered a wrong password too many times, the account can be unlocked without a password change

  2. The IGA Admin can also add new IGA Entitlements to the IGA Account by IGA Service request

    • The IGA solution creates the group membership connection and also creates an approval request to the user's manager; the approval needs to happen in the Self-Service Portal during the next 24 hours.

      • If approval is not received, the IGA solution removes the IGA Entitlement from the IGA Account and informs, for example, the organization's CISO via email

      • If the connection is made to privilege accesses***, an email notification is sent immediately.

  3. The IGA Admin saves the changes and provisioning is started

     
  4. IGA Access Right Records are created and auditing details are saved
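
The 24-hour approval rule for entitlements that an IGA Admin adds directly, as an added sketch (not Efecte or Matrix42 code) of the decision described above. The record shape, action names and sample grants are constructed for the illustration, and treating a late approval as not received is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# The page's limit; the Customer can configure a different one.
APPROVAL_WINDOW = timedelta(hours=24)


@dataclass
class Grant:
    """An entitlement added directly by an IGA Admin (hypothetical record)."""
    account: str
    entitlement: str
    granted_at: datetime
    privileged: bool = False
    approved_at: Optional[datetime] = None


def on_grant(grant: Grant) -> List[str]:
    """Actions taken when the admin saves the change."""
    actions = ["create_group_membership", "request_manager_approval"]
    if grant.privileged:
        # Privileged access is reported at once, not only on expiry.
        actions.append("notify_immediately")
    return actions


def sweep(grants: List[Grant], now: datetime,
          window: timedelta = APPROVAL_WINDOW) -> Dict[str, List[str]]:
    """Sort grants into keep / pending / revoke as of `now`."""
    result: Dict[str, List[str]] = {"keep": [], "pending": [], "revoke": []}
    for g in grants:
        deadline = g.granted_at + window
        if g.approved_at is not None and g.approved_at <= deadline:
            result["keep"].append(g.account)
        elif now >= deadline:
            # Missing or late approval: remove the entitlement and inform
            # the configured contact (for example the CISO).
            result["revoke"].append(g.account)
        else:
            result["pending"].append(g.account)
    return result


def ts(day: int, hour: int) -> datetime:
    return datetime(2025, 3, day, hour, tzinfo=timezone.utc)


# Constructed sample data.
SAMPLE_GRANTS = [
    Grant("a.smith", "VPN-Users", ts(1, 9), approved_at=ts(1, 15)),
    Grant("b.jones", "Finance-Share", ts(1, 10)),
    Grant("c.lee", "Server-Admins", ts(2, 8), privileged=True),
    Grant("d.khan", "HR-Reports", ts(1, 8), approved_at=ts(2, 9)),
]

if __name__ == "__main__":
    print(sweep(SAMPLE_GRANTS, now=ts(2, 12)))
    print(on_grant(SAMPLE_GRANTS[2]))
```

Run periodically, the same sweep doubles as a review report: every account under "revoke" is a directory group membership that existed without an approval.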
Operating chain for service accounts***

A service account is a technical account in the directory that is not related to any identity; instead, it is owned by one or more users.

  1. Service Accounts are read from the directory to IGA Account datacards

    • IGA Account type is set to Service Account

      • If the Customer has added owner information to the account, it can be read into the IGA Account datacard's owner attribute

      • If the Customer has added application information to the account, it can be read into the IGA Account datacard's application attribute

  2. The IGA Admin can add Owner information by opening the IGA Service request datacard

     
  3. Service Accounts are included in user off-boarding, so that owner information can be updated when employment has ended. 

     
  4. IGA Access Right Records are created and auditing details are saved
Related datacards

IGA Identity Storage
IGA Set Account Information
IGA Account
Email content

Basic: First name, spoken name, last name, email address, username, organizational information, title, start date, end date, Manager name

Secure: Basic email content + Social Security number

Auditing details

Auditing details are saved

IGA Access Right Record datacards are created when a new user is created and when user information for departing users is updated.

An IGA Access Right Record is created when an IGA Admin Action is performed.


 


 

 

Configuration Changes

 

These changes do not affect the project schedule or work estimates.

1. User Type

The user type can be configured depending on whether users are received from the Customer's source system or via the Efecte Self-Service Portal

  • Users received via the Customer's source system
    The Customer can choose whether companies, organizational units, employment types, cost centers or titles are used for defining the different user types.

     
  • Users received via Self-Service Portal
    • User type attribute on the on-board services 

       

2. Email contents

The Customer needs to define the content for all emails that are sent

3. Notification of IGA Entitlement relations made outside the process

The Customer can define an email address to be informed when an IGA Admin adds an IGA Entitlement to an IGA Account and the manager (or substitute) has not approved it within 24 hours. The Customer can also define the time limit for this.

4. Customer can choose which existing user ID is used for creating new privilege account***

Usually the same user ID is used as in the user's other accounts.

 

 

Expansion Possibilities

 

1. New email rule

The Customer can define other attributes which are used for creating the user's email address. This always needs an Efecte Consultant's review to estimate the effects on the project schedule and work estimates.

2. New email receivers

The Customer can define more receivers for email notifications, but this always needs an Efecte Consultant's review to estimate the effects on the project schedule and work estimates.

3. New use cases: Manage Privilege Accesses

The Customer can expand to the IGA Enterprise package and also manage privilege accounts and accesses via the IGA solution.

4. New use cases: Manage Physical Accesses

The Customer can expand to the IGA Enterprise package and also manage physical accesses and accounts via the IGA solution.

 

Relations & configuration instructions

Relations to other use cases:

Relations to other datacards:

IGA Identity Storage
IGA Set Account Information
IGA Account

Configuration instructions:

 

  1. Fill in the datacard "IGA Set Account Information"
    • All the needed user types must be filled in

  2. Go to IGA Account and the workflow called “IGA Account update from directory”
    • Publish the workflow

  3. Go to IGA Manage Passwords and the workflow called “Account Management Action Workflow”
    • Publish the workflow

  4. Test the IGA Account management
    • The test user must be an Efecte ESM admin. Admins are usually managed by the Efecte_IGA_Admins Directory Group.
    • Create a new user:
      • Test that the IGA Set Account Information rules are applied to the user (ESM and Directory)
      • Sync the created Account from the ESM
      • Test resetting the user's account password and try to log in with the new password
      • Test unlocking the user's Account; also check from the directory that the account is unlocked
      • Please note that you need to run the EPE scheduled task in order for the changes to be visible in IGA
 

 
