US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Instructions & guidelines
  • Other configuration instructions

Checklist: User Information from ESM to ESS.

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More
    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Checklist: User Information from ESM to ESS.

How to Get User Information from Directory to ESM to ESS with EPE

In this article is checklist for configuring Efecte Service management to be able to link user information to Efecte Self-service portal. 

Info

This checklist can be  used when Customers Efecte Cloud environments is using Efecte Secure Access and Efecte Provisioning Engine components.

 

 

  • ESM organization connector is configured.
     
    • The connector handles the provisioning of users from Efecte Service Management system (ESM) into Efecte Self Service (ESS).  

       
    • Make sure that there are at least some Person datacards in ESM, that have at least mappings for : emailFieldName, groupsFieldName, siteFieldName, userIdFieldName, userPrincipalName.
      (only Person datacards that have those 5 mappings defined and populated in ESM, will be provisioned to ESS). in example below: 

       

"userIdFieldName" is mapped to the attribute code of "Active Directory Account". 
"userPrincipalName" is mapped to the attribute code of "Active Directory Account".  
"groupsFieldName" is mapped to the attribute code of "ESS Groups" 
"siteFieldName" is mapped to the attribute code of "Person site"


  •  
  •  person_site_ess attribute is configured in ESM Person template
    • Organizational Unit (OU) that belongs to a site defined for the customer

       
    • Please note that ESS site structure is case-sensitive! So if site has a DC=FI it's a different site than DC=fi

       
    • If customer is using complex ESS site structure you can use following expression to match part of the OU from DN and place it to "ess_person_site".

       
_site1 = "OU=Users,DC=example1,DC=example,DC=fi"
_site2 = "OU=Admins,DC=exampe1,DC=example,DC=fi"
_site3 = "OU=Production,DC=example1,DC=example,DC=fi"
_site4 ="OU=External,DC=example1,DC=example,DC=fi"
_site5 = "OU=Managers,DC=example1,DC=example,DC=fi"
_site6 = "OU=Development,DC=example1,DC=example,DC=fi"if dn:
  _dn = this.get("dn")
  if _site1 in _dn:
    _result = _site1
  elif _site2 in _dn:
    _result = _site2
  elif _site3 in _dn:
    _result =_site3
  elif _site4 in _dn:
    _result =_site4
  elif _site5 in _dn:
    _result =_site5
  elif _site6 in _dn:
    _result =_site6
  else:
    _result="No matching ESS site found from users dN"
else:
  _currentValue = this.get("person_site_ess")
  _result=_currentValue

 

  • groups_ess  attribute is configured in ESM Person template

    • Shows Groups (entitlements) that a user belongs to. ESS can be configured to present different options depending on the groups that a user belongs to.

       
    • If missing user cannot see any services in ESS

       
    • Expression in groups_ess

      if account:  
        _result = this.getAll("$account:entitlements:name$")
      else:
        _result ="No Groups"

 

  • Check Sites settings from ESS admin. There must be same Site value as a OU in Person's sites settings in ESM.  Then, ESS will present service offerings depending on the  'site' that the person belongs to.

     
  • Verify that every 5 minutes (this is configurable in esm-organization-connector.xml), all Persons data cards that were updated in ESM during the last 5 minutes, are sent to ESS).

     
user data transfer checklist

Was this article helpful?

Yes
No
Give feedback about this article

Table of Contents

Related Articles

  • Configure: User Federation for Authentication
  • Configure: ESA SAML Authentication

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand