Description

Overview

This use case is expansion to IGA Entitlement use case, and with this IGA Admins can manage IGA Entitlements lifecycle. 

Entitlement Lifecycle contains new group creation and updates automatically to the directory.

There are two ways how entitlements can be created to the directory:

1. Request comes from Self-Service Portal via "create or update entitlements" service (please, see own use case)

2. IGA Admin creates or updates new IGA Entitlement

3. IGA Entitlements are created based on organizational data (this needs Manage Organizational Data use case to be implemented)

Operators

IGA solution
IGA Admin
HR-system

Prerequisites

Customer has pointed IGA Admin role to at least one Person, preferably to two Persons. Admins are managed by adding users to Efecte_IGA_Admins directory group.

If IGA Entitlements are created based on organizational data, also Manage Organization Data use case needs to be implemented.

Result

Entitlement is created, updated, or its status has been changed. 

Operating chain for IGA Admins

1. IGA Admin opens IGA Entitlement view from IGA solution
   
   
2. IGA Admin can
    
   • Create new IGA Entitlements automatically to the directory, by choosing New IGA Entitlement and fulfilling mandatory information
     
     
     • IGA Admin chooses entitlement type as New
       
       
     • Technical name, friendly name, provisioning type (needs to be automatic, when new IGA Entitlement is created to the directory) and application
       
       
     • When new IGA Entitlement is provisioned to the directory, IGA solution waits until it has received response from the directory and changes IGA Entitlements status to Active
       
       
   • Update existing IGA Entitlements automatically to the directory by changing information, which is provisioned to the directory
     
     
     • Groups unique ID's (like ObjectGUID in AD)  cannot be updated
       
       
     • Technical name and descriptions are most commonly changed attributes
       
       
     • When IGA Entitlements changes are provisioned to the directory, IGA solution waits until it has received response from the directory and changes IGA Entitlements status to Operational
       
       
   • Delete IGA Entitlements automatically from the directory
     
     
     • IGA Entitlement cannot be removed from IGA solution if auditing responsibilities apply 
       
       
     • When IGA Entitlement is removed and provisioned to the directory, IGA solution waits until it has received response from the directory and changes IGA Entitlements status to Removed.
       
       
   • Manage Self-Service Portal Information
     
     
     • IGA Admin can publish IGA Entitlement to be available for end-users to request changes to the entitlements information in Self-Service Portal in Create or Update Entitlement service
       
       
     • IGA Admin can manage approval level and Approver information, in case the entitlement can be modified throw-out Self-Service Portal.
       
       
3. Archive status
   
   
   • Is automatically set, when there has been six (6) months from removal
     
     
4. Changes and audit details are saved.

1. Manage organizational data use case contains three (3) different data imports
   
   
   • Organizational units
   • Cost Centers
   • Titles
     
     
2. IGA solution receives organizational data
    
   • If there is new organizational unit, cost center or title imported from the source system IGA solution checks from IGA Set Entitlement Information datacard, what type of IGA Entitlement needs to be created
     
     
3. From the IGA Set Entitlement Information datacard IGA Admin can add and modify 
   
   
   • General information
     • Name
     • Description
     • Directory
     • Language rule
       
       
   • Entitlement settings
     
     
     • (Create Entitlement based on) Organization name, organization ID, Cost Center name, Cost Center ID, title name or title ID
       
       
       • New IGA Entitlement is automatically created to the directory when new organizational unit, Cost Center or title information is received
         
         
       • IGA solution uses name information in both technical name and in friendly name
         
         
     • Add prefix
       
       
     • Add suffix
       
       
     • End date
       
       
   • Communication
     
     
     • Information receiver, can be support group or email address
       
       
       • Information is sent when new IGA Entitlement has been created
         
         
4. IGA solution creates new IGA Entitlement according to settings in IGA Set Entitlement Information
   
   
5. IGA solution creates relation between IGA Entitlement and organizational unit, Cost Center or Title datacards
   
   
6. If IGA solution receives information that organizational unit, title or cost center has been removed, it generates IGA Admin Task to IGA Admins for defusing relations
   
   
7. IGA Access Right Records are created and audit details are saved

• No approval,
• Manager only (can this be set for primary option),
• Manager then 1. Approver,
• Manager then 1. Approver then 2. Approver
• Manager then 1. Approver and 2. Approver
• 1. Approver only
• 1. Approver then 2. Approver
• 1. Approver and 2. Approver

Related datacards

IGA Entitlement
IGA Set Entitlement Information
IGA Access Right Record