US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Access right management

Provisioning & de-provisioning

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Provisioning & de-provisioning

Provisioning & de-provisioning

Provisioning is part of access right management process, but most commonly its expanded when more and more use case from different processes are taken into use. 

Provisioning generally means that information is delivered automatically or manually between IGA solution and directories / applications. When information is delivered automatically, it requires that one of the ready-made connectors are taken into use, or integration to the target system is established some other way (using API's, integration platforms etc.). Manual provisioning means that provisioning request is delivered as a ticket to support group or as a email to the application main users, usually also response is sent back to IGA solution after manual request has been closed. Provisioning can be also combination of manual and automatic provisioning. 

Difference between provisioning and de-provisioning is the actual action what is performed, meaning that each time users, access right relations etc. are added to the directory or application, its called provisioning. When for example group-membership connection is removed, its called de-provisioning. Generally in this article is referrering to provisioning. 

Provisioning is part of several use cases, like for example request access rights, when group-membership connection is created based on the request made in Self-Service. Provisioning can also happen several times during the use case like for example when users are created, provisioning happen several times during the workflow (for example users unique attributes are verified to be unique like email address, UPN, samaccountname etc.).



Use case description


This use case can be expanded with other processes and those has been marked, 

* User lifecycle management
** Governance
*** Automation & provisioning
**** Expanded access right management



 Description

Overview

This use case describes how provisioning process works. There are three (3) different provisioning types:

 1. Automatic (integration to target system)
 2. Manual
 3. Combined (manual + automatic)

If there is exception in provisioning, IGA solution will notify IGA Admin.

Operators

IGA solution
IGA admin
Customer directory / application
Main users for customers applications

Prerequisites

All entitlements and user’s information for provisioning scope needs to be available for IGA solution. 

Result

Provisioning task is completed successfully or an IGA Request / IGA Admin Task is created to IGA Admin for manual handling. 

Operating chain
  1. IGA solution receives request for provisioning

  2. IGA solution starts provisioning based on provisioning type, which can be:

    • Automatic: Provisioning is automatically done to directories or applications, based on provisioning task configured in workflow

    • Manual: Based on provisioning request, IGA solution creates IGA admin task to IGA admin

      • As an assumption, all tasks are pointed to IGA Admin, but if needed requests can be assigned to different application admins, groups or persons who manually manages access rights. 

    • Combined: Provisioning request can also be provisioned automatically to directories or application and create an IGA admin task is created to IGA Admin or other agreed persons/support groups. 

  3. Provisioning activities for ready-made connectors can be found from here.

  4. IGA solution starts provisioning

    • If there is an exception in provisioning, will provisioning keep trying until limits are full filled and admin tasks is created to IGA admin.

  5. Auditing details are saved.

Related datacards

IGA request
Person
Identity Storage

Delete

Expansion possibilities


Expansion possibilities are categorized in three category, but it is always important to validate if requested change has affect to the delivery schedule or work estimations. 

Notice, that these expansion possibilities concerns mostly features that need actual configuration changes. Daily admin tasks are described in the use case.


Category Description
Small 
(less than hour) 		Small changes does not usually affect to the delivery schedule or work estimations and these changes can be done also by IGA admins, 
  • Attribute mappings
Medium 
(0,5 - 2 work days) 		Medium changes can be for example, 
  • Manage custom objects
  • New ready-made connector taken into use
Large
(more than 2 work days) 		Large changes usually takes longer time, since they require more detailed definition-, and testing work. Those can be for example, 
  • Customer specific use cases
  • Customized integrations and interfaces
Delete

Relations & configuration instructions


Relations to other use cases, 

This use case is related almost to all use cases where provisioning is made. 

Relations to other data cards, 

IGA Request
Person
Identity Storage

Configuration instructions,

  1. With IGA baseline there is no need to edit workflows or EPEtasks to achieve this use case. Event-based task are executing these provisioning and those are configured in other use cases.


Unit testing instructions, 

  1. This use case is tested along with other use cases, so no need to make separate tests
Delete

System and user approval testing instructions


This use case is tested along with other use cases, so there is no need to test this use case separately.

Delete



provisioning automation

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Reconciliation
  • User Lifecycle Management
  • Manage organizational data
  • Automation: De-Provisioning

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand