US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Extended access right management

Manage Privilege Accesses

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Manage Privilege Accesses

Manage Privilege Accesses


In this use case is described how IGA Admin can manage the whole processes for privilege accesses and accounts. 

This use case needs to be implemented, if Customer is using any of the other privilege access use cases (Request Privilege Accesses, Request Privilege Account, Activate Privilege Account and expansions to other use cases). 




Use Case Description


This use case is available only for IGA Enterprise package. 

Please notice, that managing Administration level accesses for example in AD, it needs domain admin level permissions to the service account, which IGA solution is using for writing data towards AD. 



 Description

Overview

This use case describes how IGA Admin can manage privilege accesses and their availability on the Self-Service Portal. 

Operators

IGA solution
Self-Service Portal
IGA Admin

Prerequisites

Technical account, which IGA solution is using for reading and writing data towards directories or applications, needs to have enough permissions to manage also admin level accounts and accesses (for example if in AD, IGA solution is managing Domain Admins, service account needs domain admin level accesses to the Customers directory).  

Result

IGA Admin can manage, report and audit privilege level accesses and accounts. 

Users with privilege accesses can be re-certificated more often and during auditing information is up to date. 

Operating chain 
  1. IGA solution reads user accounts and group information from directories (via Efecte Provisioning Engine) or applications (via integration). 

    • Privilege user accounts are read to IGA Account datacards

      • If users with privilege accesses are located in own OU (AD and OpenLDAP) or can be filtered (Azure AD), IGA solution automatically marks these user accounts as privilege. 

        • This requires separate provisioning task to be configured in IGA solution (IGA Module Admin) 

      • If user accounts are marked with prefix or suffix in the name, IGA Admin can open view for IGA accounts with the prefix or suffix and use modify all action to mark user accounts (IGA Account) as privilege. 

      • IGA Admin can also modify IGA Accounts by opening them one by one and changing IGA Account type to privilege account.

    • Privilege groups are read to IGA Entitlement datacards

      • If groups with privilege accesses are located in own OU (AD and OpenLDAP) or can be filtered (Azure AD), IGA solution automatically marks these groups as privilege. 

        • This requires separate provisioning task to be configured in IGA solution (IGA Module Admin) 

      • If groups are marked with prefix or suffix in the name, IGA Admin can open view for IGA Entitlements with the prefix or suffix and use modify all action to mark user groups (IGA Entitlement) as privilege. 

      • IGA Admin can also modify IGA Entitlements by opening them one by one and changing IGA Entitlement type.

  2. IGA Admin can fulfill privilege IGA Entitlement information and publish them to be available in the Self-Service Portal 

    • Please check, use case for Manage IGA Entitlements

  3. IGA Admin can also create Re-certification request related to only privilege accesses and accounts. 

  4. Existing users with privilege account can now use "Request Privilege Accesses" and "Activate Privilege Accesses" services from the Self-Service Portal

    • Before these services can be used, IGA Admin needs to disable all privilege accounts by using modify all function. 

  5. Users can also request privilege account from the Self-Service Portal, by choosing "Request Privilege Account" service. 

  6. IGA Access Right Records are created and audit details are saved. 

Related datacards

IGA Entitlement
IGA Account

Views and dashboards
  • Activated privilege accounts (privilege IGA Accounts in use)
  • Disabled privilege accounts, with permissions to use privilege accesses
  • Privilege accounts expiring in one week
  • Privilege IGA Entitlements
Delete

Configuration Changes


Customer can define these configuration changes, without them affecting the projects schedule or work estimations. 

1. Customer can define prefix and suffix for privilege accounts, which is used for sorting privilege accounts

Delete

Expansion Possibilities


In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Efecte Consultants review before agreeing on implementation.


1. Customer can define logic, for recognizing automatically privilege accounts and groups

Logic might be needed if Customer have several tens or hundreds of privilege accounts and accesses. Logic can be for example, that prefix or suffix is recognized, marked and relation to Identity Storage can be made automatically.


2. Customer can define that privilege accounts are automatically disabled when read to the IGA solution

Delete

Configuration instructions

  1. With IGA baseline there is no need to edit workflows or EPEtasks to achieve this use case. 

  2. Test the IGA Privilege Access management
    • Test user must be IGA admin. Admins are usually managed by Efecte_IGA_Admins Directory Group. 
    • Before testing ESM must contain:
      • IGA Accounts and entitlements
    • Test to Create new privilege Entitlement and publish that to portal
    • Test to Open view for IGA Accounts and modify with edit all action IGA accounts to be privilege from IGA Account type or edit those one by one. 
    • Test to Open view for IGA Entitlements and modify with edit all action IGA Entitlements to be privilege or edit those one by one. 


Delete


access management privilege control

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Manage entitlements
  • Manage Administration Tasks
  • Manage automated rules

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand