US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Governance

Reconciliation

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Reconciliation

Reconciliation


In this article is described use case for reconciliation, which means that workflows will start based on certain information read from the source system. 

Reconciliation is ongoing process in the background and it will start based on scheduled time in provisioning task (scheduled-based provisioning task). It can be also started manually from the configuration console, but please notice that this action will need access to configuration.




Use Case Description


 

Description

Overview

This use case describes reconciliation process for reading user and group (entitlement) information from the Customers directory and actions that will take place if IGA solution detects exception between information itself and information read from the directory.

Operators

IGA solution
IGA Admin
Directory

Prerequisites

Scheduled-based provisioning task needs to be configured

Result

Reconciliation is completed successfully or an IGA Admin Task is created to IGA Admin for manual handling. 

Operating chain
  1. Received user data

    • IGA solution will read changed user data from the directory based on scheduled-based provisioning task settings

    • IGA solution will start validating if received data diverges from the data stored in IGA solution

    • There are several attributes which are validated and they might be different according to the directory in question

      • For AD: SamAccountName, Distinguished Name, Email address, User Principle Name, 

      • For Azure AD: User Principle Name, Email address

    • If I there is exception between information in IGA solution and the information read from the directory, IGA solution will generate IGA Admin Task for IGA Admins to be able synchronize information

      • IGA Admin can update directory information according to information in IGA solution by choosing synchronize user information and closing the ticket. 

      • Provisioning will update information automatically to the directory

  2. Received entitlement data

    • IGA solution will read changed group membership information from the Customers directory

    • IGA solution will start validating if received data diverges from the data stored in IGA solution

      • If there is exception with users group memberships (for example there is new group membership connection or removal) IGA solution will generate IGA Administration Task where IGA admin can generate  IGA Re-certification request to Matrix42Self-Service Portal for Managers to be able approve or reject exception.

      • Based on result for approval request, IGA solution will  synchronize information between users IGA Account and users directory account

      • There is a time limit for approving the re-certification request and if it is not approved or rejected in that time, IGA solution will generate IGA Admin Task for IGA Admins.

  3. Other views and reports for managing data read from the Customers directory

    • Orphan user accounts (IGA Account without Identity Storage relation)

    • User accounts which last login was made x time ago

    • User accounts with x entitlement and last login was made x time ago

    • User accounts without group memberships

    • User account attributes with different values (for example different first name than spoken name)

    • New entitlements (new group is created into the Customers directory and read to the IGA solution)

    • Open re-certification requests for de-provisioning
Auditing Details Audit details are saved

1. When exception in user or entitlement data is detected, IGA Access Right Record is created (type read from the directory).

2. When Manager approves approval request IGA Access Right Record is created for approval information and for updating users access rights

3. When Manager rejects approval request, IGA Access Right Record is created for approval information and for updating users access rights.

Related datacards

IGA Request
Approval
IGA Account
IGA Entitlement
IGA Admin Task

Delete

Configuration changes


In this use case there are several different settings which can be configured according to Customer needs and they don't have affect to the project schedule or work estimations.


1. In the use case operating chain, step 1, Customer can define three (3) more attributes to be compared


2. In the use case operating chain, in step 2, Customer can choose time limit for approval request waiting before creating IGA Admin Task to IGA Admins


3. In the use case operating chain, in step 3, Customer can choose values for


  • Last login time (appears in several phases, possible to adjust in all of those)

  • Which values are compared for user account attributes

  • User accounts with x entitlement and last login was made x time ago


4. In the use case operating chain, in step 3, Customers IGA Admins can create as many views and reports as needed
 
Delete

Expansion possibilities


1. Customer can request more attributes to be compared, but it will need Matrix42consultant for validating work estimations and affects to the project schedule

2. Customer can request more views and reports, but it will need Matrix42consultant for validating work estimations and affects to the project schedule 

3. Customer can request more directories or other integrated applications to be added to de-provisioning process, but it will need Matrix42consultant for validating work estimations and affects to the project schedule 

Delete

Relations & configuration instructions


Relations to other use cases, 


Relations to other data cards,

IGA Service Request
Approval
IGA Account
IGA Entitlement
IGA Admin Task

Configuration instructions,

  1. Check Scheduled-based EPEtask called "Reading Data from [Directory] "
    1. Test connection from the EPEtask
    2. Check user and group filters and settings
    3. Check task scheduling 

  2. Check that you have listeners in IGA account template (those will create IGA admin tasks)
    • Postsave.De-provisioning [Directory] data diverges from the data stored in IGA(TL230322) 

  3. Check that you have transform from the IGA Account template to the IGA Admin task


  4. Test Read account and entitlement data from source directory to ESM 
    • Check that IGA Accounts are imported to ESM
    • Check that IGA Entitlement are imported to ESM
    • Change Email Address for user that have identity storage in Directory and check that Admin task is created
Delete


harmonize mechanical

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Provisioning & de-provisioning
  • User Lifecycle Management
  • Manage organizational data
  • Automation: De-Provisioning

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand