Self-Service: Physical Access Service
In this use case are described available physical access right management service in the Self-Service Portal. This use case is part of Manage Physical Accesses use case.
User and Manager can
1. Request new physical accesses
2. Remove existing physical accesses
3. Report missing physical access card
User can,
4. Change own PIN code for physical access card or badge from the physical accesses management solution.
There are two options for how to automate physical access right management
1. Use directory in between IGA solution and Physical Access Management solution
This needs that the Physical Access Right Management solution needs to have connector or needs to be integrated to Customer's directory (usually AD or Azure AD), where IGA solution is already connected (via Efecte Provisioning Engine).
2. Build integration between IGA solution and Physical Access Management solution
This needs Efecte Integration Service (or Customer's own integration platform) and integration method is agreed in the project. Usually integration is implemented by using WebAPI, REST API or file transfer between these solutions.
Use Case Description
This use case is available only for IGA Enterprise package.
|
Description |
Overview |
This use case describes functionalities in "Physical Access Service", which are available for user and/or manager. |
Operators |
IGA solution
Application (Physical Access Management solution)
Self-Service Portal
User
Manager
Application Admin (Physical Access Management solutions admin users) |
Prerequisites |
Physical Accesses Service is published in Self-Service Portal and integration or provisioning to the application has been implemented. |
Result |
1. User has needed physical accesses added or remove automatically to/from the access card
2. User or Manager has reported missing physical access card or badge
3. User has changed own PIN code for physical access card or badge
|
Operating chain for requesting physical accesses |
- Manager or User opens "Physical Accesses Service" from the Self-Service Portal
- Manager or User chooses "Request new physical access" check box
- Manager chooses subordinate from the list
- Manager can only request physical accesses to subordinates
- User can only request physical accesses to her-/himself.
- Manager or User chooses needed physical access based on categories defined in IGA Entitlement and IGA Request Catalog datacards
- Category 1
- Category 2
- Physical Access right (IGA Entitlement)
- User or Manager can request several physical accesses by using shopping chart
- IGA solution sends approval request according to settings in IGA Entitlement datacard
- Approver can approve or decline request.
- IGA solution receives information and starts workflows and provisioning/or integration
- If user does not have exiting IGA Account for physical accesses it is created and delivered to the target system
- IGA Admin Task is created to Application Admins, for creating physical access card or badge
- User information and related IGA Entitlements are provisioned from users IGA Service request datacard
- Integration reads user information and related IGA Entitlements from the IGA Service request datacard
- IGA solution waits response from the directory and closes request
- Access Right Records are saved and process ends.
|
| Operating chain for removing physical accesses |
- Manager or User opens "Physical Access Service" from the Self-Service Portal
- Manager or User chooses "Remove physical access" check box
- Manager chooses subordinate from the list
- Manager can only remove physical accesses from subordinates
- User can only remove physical accesses from her-/himself.
- Manager or User chooses removable physical access from the list, which shows users existing and active physical accesses
- User or Manager can remove several physical accesses by using shopping chart
- IGA solution sends approval request according to settings in IGA Entitlement datacard
- Approver can approve or decline request.
- IGA solution receives information and starts workflows and provisioning/or integration
- User information and related IGA Entitlements are de-provisioned from users IGA Account datacard
- Integration reads user information and related IGA Entitlements from the IGA Service request datacard
- IGA solution waits response from the target system and closes request
- Access Right Records are saved and process ends.
|
| Operating chain for reporting missing physical access card or badge |
- User or Manager opens "Physical Access Service" from the Self-Service Portal
- User or Manager chooses "Report missing physical access card" check box
- Manager chooses subordinate from the list
- Manager can only report subordinates missing physical access card or badge
- User can only report own missing physical access card or badge
- User or Manager fulfill mandatory estimation time, when physical access card or badge was lost
- IGA solution receives information, starts workflows, provisioning or integration
- Users IGA Account to the target system is disabled via provisioning or integration
- IGA solution solution generates new IGA Account for physical access card or badge and adds same IGA Entitlements to the IGA Account, than the previous IGA Account had
- IGA Admin Task is created to Application Admins, for new physical access card or badge creation
- IGA solution waits response from the target system and closes the request
- IGA Access Right Records are created and auditing details are saved.
|
| Operating chain for changing PIN code |
- User opens "Physical Access Service" from Self-Service Portal
- User chooses "Change PIN code" check box
- User adds new PIN code and submits the request
- IGA solution receives information and starts workflows, provisioning or integration
- New PIN code is delivered to the target system via provisioning or integration
- IGA solution waits response from the target system and closes the request
- IGA Access Right Records are created and auditing details are saved
|
Related datacards |
IGA Entitlement
IGA Account
IGA Admin Task
IGA Service Request |
| Self-Service Portal |
Physical Access Service |
Delete
Configuration Changes
Customer can define these configuration changes, without them affecting the projects schedule or work estimations.
1. Customer can define categories (2-3) for Self-Service Portal service
Delete
Expansion Possibilities
In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Efecte Consultants review before agreeing on implementation.
1. Customer can add request physical accesses to user on-boarding service
2. Customer can separate functionalities to own services in Self-Service Portal (for example there would be own service for Change PIN Code)
Delete
Relations and Configuration instructions
Relations to other use cases,
Relations to other data cards,
Configuration instructions:
- Publish service "Physical Access" in ESS
- Go to IGA service request and workflow called "IGA Physical Access request"
- Check and configure the workflow nodes especially PLACEHOLDER nodes
- Is it provisioning or integration, is there need epetask or integration settings
- Publish the workflow
System test instructions:
- Test Physical Access from ESS
- Test user for this test user must be a manager that have subordinates
- Check the IGA Service request from the ESM that it is successfully executed
- Check the target system that Physical Access is added to the user
Delete