US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Governance

Manage toxic combinations

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Manage toxic combinations

Manage toxic combinations


In this article is described how IGA Admin or Security Manager can manage toxic combinations, which are also know as Separation of Duties or Segregation of Duties (SoD).

Toxic combination type can be either forbidden or denied, and depending on the type User and/or Manager are informed.



Use Case Description


This use case contains all functionalities for all Matrix42IGA Packages, different package content has been marked

* Add-on to IGA Starter package

** IGA Growth package

*** Only available for IGA Enterprise package



 Description

Overview

In this use case is described how IGA Admin can manage toxic combinations and how user or manager is informed about them. 

Operators

IGA solution
IGA Admin
Self-Service Portal
User
Manager
Security Manager

Prerequisites

Customer has pointed IGA Admin role to at least one Person, preferably to two Persons. Admins are managed by adding users to Efecte_IGA_Admins Directory Group.

Result

Toxic combination is prevented or forbidden from the user and email notifications are sent.

Operating chain
  1. IGA admin opens IGA Toxic Combination view 

  2. IGA Admin can create, update or remove toxic combinations

  3. IGA Admin creates new IGA Toxic Combination and fulfills requested information

    • Status
       
      • Active, toxic combination is in use

      • Inactive, toxic combination is not in use, data card is hidden

      • Cancelled, data card is hidden and workflow is cancelled

    • Name and description

    • Toxic Combination type

      • Forbidden

        • When 2 -3 entitlements create combination that is allowed, but needs to be monitored carefully 

      • Denied

        • When 2 - 3 entitlements create combination that is denied in all circumstances and IGA solution will automatically prevent combination
           
    • Owner

    • Executing time

      • Mandatory, when updating existing Toxic Combination

    • IGA Entitlements

      • Toxic combination can be only made with IGA Entitlements

  4. Access Right Records are saved and process ends.
Operating chain for informing user and/or manager
  1. When toxic combination is active

  2. User or Manager requests access rights from Self-Service Portal

    • Requester (user or manager) does not see toxic combinations from the Self-Service Portal

  3. After request has been made, notification is sent to persons selected in the IGA Toxic Combination datacard.

Related datacards

IGA Toxic Combination
Delete

Configuration Changes


Customer can make following changes in reasonable scope, without them affecting projects schedule or work estimations. 

1. Customer can define who is notified when toxic combination requested and approved

2. Customer can define who is notified when toxic combination which type is forbidden is created

Delete

Expansion Possibilities


These changes require always IGA Consultants review, before affects to the project schedule and work estimations can be estimated. 

1. Customer can define workflow which also replaces related IGA Entitlement with another entitlement. 

Delete

Relations & configuration instructions


Relations to other use cases, 


Relations to other data cards, 

IGA Toxic Combination

Configuration instructions,

  1. Go to IGA Toxic combinations and workflow called "IGA Toxic Combinations Workflow"
    • Publish the workflow

  2. Test the IGA Toxic combination management
    • Test user must be IGA Admin. Admins are usually managed by Efecte_IGA_Admins Directory Group. 
    • Before testing ESM must contain:
      • Entitlements
    • Create new Toxic combination to ESM
      • Check that Toxic combination can be tested
        • Request Access right that will cause toxic combination
          • IGA Service request has been rejected automatically
Delete


harmful mixture toxic management

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Manage entitlements
  • Manage Administration Tasks
  • Manage automated rules

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand