FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Access right management

Self-Service: Request Access Rights

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Self-Service: Request Access Rights

Self-Service: Request Access Rights

This use case is part of access right management use cases and in this article is described use case for requesting access rights from Self-Service.  

It is important to separate access right requests from automation, which grants access rights automatically based on users personal and employment related information, when access right requests are made by end-users and usually request requires approval before provisioning.

 

 When the use case is delivered, it contains three (3) possibilities to request access rights,

  1. Request access rights to myself (available to all end-users)
  2. Request access rights to my subordinate (available to managers)
  3. Request access rights to external users (available to managers)

Please notice, that IGA packages (Starter, Growth, Enterprise) has affect to the use case and relating functionalities such as user lifecycle management, toxic combinations, etc.

 

Use case in nutshell

End-user is logged into Self-Service

  1. Manager or user requests access rights from Self-Service
  2. Approver(s) approves request(s) in the Self-Service
  3. Access right(s) are automatically added to user or manual request is sent for adding the access right(s) manually
  4. Manager and user can see their own request history from Self-Service
  5. IGA Admin can manage access right information, request catalog and visibility for the access rights which are published into Self-Service from IGA solution.
  6. All auditing details are available for reporting (by using ready-made reports and dashboards or IGA admins can easily create own reports)

 

Full Use Case Description

Use Case Description

This use case is part of all IGA packages, and customer can decide when it is published to end-users

  Description

Overview

This use case describes how end-user can request additional entitlements or business roles and what are outcomes for that request. 

User and manager can request additional entitlements or business roles for him/herself (request access rights).

Manager can request additional entitlements or business roles for subordinate or for external subordinate (request access rights for my subordinates or request access rights for external users)

Operators

IGA solution
Self-Service 
End-user (manager or user)
IGA admin

Prerequisites

Entitlements (access rights) and/or business roles need to be published to Self-Service. 

Manager - subordinate relations needs to be existing in IGA solution. 

Result

The request is appropriately approved and send to provisioning process. All audit details are saved and can be reported. User and manager can follow up request status in Self-Service.

Operating chain
  1. User opens “Request access rights for myself” or manager opens “Request access rights for my subordinate or request access rights to external users" service from Matrix42 Self-Service.
     
  2. Manager chooses subordinate(s) and related work period (in cases where user can have several work periods).
    • User can only request access rights for him- / herself
       
  3. End-user chooses based on pre-defined category’s what access rights are needed (you can select several access rights to the shopping cart):
    • Access Right Category 1 (Customer can define values)
    • Access Right Category 2 (Customer can define values)
    • Application (list of related applications)
    • Access Right (list of application related entitlements)
    • Business roles (list of entitlement related business roles)
       
  4. End-user can add start and end date (if required) for how long access right is valid for the user
    • If entitlement has access right validation defined, it will overwrite validation dates added to the request
       
  5. End-user adds mandatory justification and selects submit.
     
  6. Manager advocates
    • If manager declines request, audit information is saved, user is notified, and process ends. 
    • If manager is requesting additional access rights for subordinate, no separate advocate is needed. 
       
  7. Approver approves in Self-Service
    • If there is approver added to the requested entitlement, request needs second level approval
    • If approver declines request, audit information is saved, user is notified, and process ends.
       
  8. IGA solution receives the access right request and starts provisioning process

    • Request can be manually provisioned (managed manually)
    • Request can be automatically provisioned 
    • Request can be combination of automatic + manual provisioning, when automatic part is implemented first (before generating admin task to IGA admin). 
       
  9. Access right records (audit details) are saved, and process ends. 

Self-Service 

Request access rights for myself
Request access rights for internal Users
Request access rights for external Users

If user lifecycle management add-on is included, request access right service can also be shown in "onboard internal users" and "onboard external users" bundle orders. 
Self-Service reporting User can see own active access rights
Manager can see own and subordinates active access rights
User can see own open requests
Manager can see own open requests
Manager can see request waiting for approval
Approver can see request waiting for approval
Approver can see own approval history
User can see own request history
Manager can see own request and approval history
IGA administration tasks & reporting IGA administrations tasks can be found from here.

Messages

User can see own open requests and their status, and request history from Self-Service, so it is highly recommended that email notifications are added to IGA solution in further development phase and try to guide users to portal at the first phase. Email notifications can be also added by IGA Admin.

 

 
 

 

Delivery Instructions

Configuration Instructions

In this chapter are described configuration instructions, please check also following chapter system- and approval testing, 

 

Relations to other use cases,

Manage entitlements - use case for IGA admins to be able to define different settings to single access right group (entitlement), such as approvers, visibility in Self-Service, description etc.

Manage request catalog - users to be able request access rights from Self-Service, IGA admin needs to build categories for the request catalog.

Approval - use case for different approval types.

Provisioning - is used when group memberships are created.

IGA administration - use case for IGA admins to be able to get notifications in case there is a need for manual actions.

 

Configuration instructions for Self-Service

  1. Login as a admin to Self-Service admin UI 
  2. Publish service "Request Access Right for Subordinate" in Self-Service 
  3. Publish service "Request Access Rights for External Users" in Self-Service 
  4. Publish service "Request Access Rights for Myself" in Self-Service 

Configuration instruction for connector

  1. Login as IGA configuration admin to IGA solution
  2. From connector management, select correct directory where provisioning is made
    • Configure connector settings for correct directory and test connection
    • Configure related event-based task called “[Directory] IGA Service request: Verify, Add, Remove”
      • Define user and group filters and settings, 
      • No need to change user identity mappings
    • Configure related event-based task called “[Directory] IGA Access Right Record: Remove or Add group”
      • Define user and group filters and settings
      • No need to change user identity mappings

Configuration instructions for workflows

  1. Go to IGA Access right record and workflow called “1.0 Access right ending”
    • Publish the workflow
  2. Go to IGA Access right record and workflow called “2.0 Add or remove group membership”
    • Publish the workflow
  3. Go to IGA service request and workflow called “2.0 Manager Adds Rights to Others Workflow”
    • Publish the workflow
  4. Go to IGA service request and workflow called "2.3 Users Add Rights for Themselves" 
    • Publish the workflow
  5. Move to testing instructions.
 
 

System and Approval Testing Instructions

Testing request access right use case happens from Self-Service, but results are validated also from IGA solution, and it is recommended to test also related IGA administration daily actions by creating on purpose test cases which generates IGA administration tasks (failed provisionings etc.). 

Preparation tasks 

  1. Ensure that you have users with manager-subordinate relationship
    • If external users own request service is used, ensure that manager has external users as subordinate
  2. All users need to have active work periods
  3. Create request catalog categories
  4. Publish entitlements and business roles to request catalogs

Testing instructions, Self-Service

  1. Login as user to Self-Service
    • Request access rights for your self
      • One entitlement
      • Several entitlements at the same time
      • Business roles
      • Manual and automatic type of entitlements
    • Validate that,
      • Info text's, tool tips, descriptions etc. are correct
      • Request status is updated according to request progress in the front page
      • Request is visible in My Request view
      • Request is visible in My Things (if active access rights are listed there)
  2. Login as approver to Self-Service
    • Make approval decision
      • Approve the request
      • Decline the request
    • Validate that,
      • Approval information is showed correctly
      • The request is visible in Approvals view
  3. Login as manager to Self-Service
    • Request access rights to subordinate
      • One entitlement
      • Several entitlements at the same time
      • Business roles
      • Manual and automatic type of entitlements
    • Validate from Self-Service,
      • Info text's, tool tips, descriptions etc. are correct
      • Request status is updated according to request progress in the front page
      • Request is visible in My Employees (if active access rights are listed there)

Testing instructions, IGA solution

  1. Login as IGA admin to IGA solution
    • Validate that 
      • IGA service request is created correctly
      • IGA access right record(s) are created correctly
      • Provisioning is successful
      • The entitlement and/or business role is visible in users identity storage, person, work period, account, entitlement and/or business role data cards.
    • Test re-running the provisioning for failed requests
 
 

 

Was this article helpful?

Yes
No
Give feedback about this article

Table of Contents

Related Articles

  • Self-Service: Request access rights
  • Self-Service: Remove access rights
  • Self-Service: Approvals
  • Manage entitlements
  • Manage business roles

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand