FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Extended access right management

Self-Service: Active Privilege Accesses

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Self-Service: Active Privilege Accesses

Self-Service: Activate Privilege Accesses


In this article is described how user can activate existing privilege account and related accesses, which user is allowed to use.

This use case is part of Manage Privilege Access use case, and it needs to be implemented simultaneously.




Use Case Description


This use case is available only for IGA Enterprise package. 

Please notice, that managing Administration level accesses for example in AD, it needs domain admin level permissions to the service account, which IGA solution is using for writing data towards AD.

 


 Description

Overview

This use case describes how users can activate privilege account and accesses (which user is pre-defined to be allowed to use) from the Self-Service Portal.

Operators

IGA solution
Self-Service Portal
User

Prerequisites

User needs to have privilege account and permissions to activate related IGA Entitlements (privilege accesses).

Manage Privilege Accesses use case and all related uses cases are implemented.

Result

User privilege account is enabled for temporary time of period, group memberships is provisioned automatically to the directory or application and after maximum validation days account is disabled and group membership connections are removed. 

User is able to sign in with the privilege account. 

Operating chain
  1. User opens "Activate Privilege Accesses" service from the Self-Service Portal.

    • User chooses privilege account

      • If user has several privilege accounts user chooses from the list correct one. 

      • If User has only one privilege account it is already selected.

    • User chooses IGA Entitlements, which he / she needs to be activated 

      • On the list, user can only see IGA Entitlements, which are found from related IGA Account datacard, in Privilege permissions attribute (entitlements which are requested by using "Request Privilege Accesses" service from the Self-Service Portal

    • User selects reason

      • Incident, mandatory to fulfill ticket number

      • Change request, mandatory to fulfill justification and optional ticket number

      • Maintenance, mandatory to fulfill justification

      • Other, mandatory to fulfill justification

    • User can also change privilege accounts password (optional field)

    • User chooses submit 

  2. IGA solution receives information and validates from users privilege IGA Account datacard, that user has permissions to activate these entitlements

    • If permission is not found, IGA solution sends information to the Self-Service Portal and closes the request

  3. IGA solution starts provisioning process

    • Privilege account is enabled and group membership connection is provisioned to the directory or application

    • Privilege account is enabled only for allowed time period

      • This is defined in IGA Set Account Information datacard

  4. IGA solution waits until response from the directory or application has received, closes the IGA Request and sends status information to Self-Service Portal 

  5. User is able to use now privilege account and access only to those directories or applications, which IGA Entitlements user activated

  6. IGA solution waits that maximum validation dates are exceeded
     
    • Users privilege account is disabled  

    • All group memberships are removed, but permission to use them are stored in the IGA Account datacard

  7. IGA Access Right Records are created and audit details are saved.

Related datacards

IGA Identity Storage
IGA Account
IGA Set Account Information
Application

Self-Service Portal services

Activate Privilege Accesses
Delete

Configuration Changes


Customer can define these configuration changes, without them affecting the projects schedule or work estimations. 

1. Customer can define reasons and mandatory justifications

Delete

Expansion Possibilities


In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Efecte Consultants review before agreeing on implementation.

1. Customer can also define, that activation is not needed for privilege accounts, but instead they are always active and privilege accesses (IGA Entitlements) are connected. This means that privilege account and accesses are always active and user can use them without any justifications. 

This changes also use cases, "Request Privilege Account", "Request Privilege Accesses" and "Manage Privilege Accesses". 

Delete

Relations and Configuration instructions


Relations to other use cases, 


Relations to other data cards, 


Configuration instructions: 

  1. Publish service "Activate Privileged Accesses" in ESS

  2. Configure EPEtask called "[Directory] IGA Service request: Activate account"
    • Configure the connection settings and after that Test connection from the EPEtask
    • Define user and group filters and settings
    • No need to change user identity mappings

  3. Go to IGA service request and workflow called "IGA Privileged Accesses"
    • Check the workflow node Activate Account is it using right data source
    • Check the workflow node Reset Password is it using right data source
    • Publish the workflow

System test instructions:

  1. Test Activate Privileged Accesses from ESS
    • Test user for this test case must have a privileged account and permissions to activate related IGA Entitlements
    • Check the IGA Service request from ESM that is successfully handled
    • Check from Directory that Privileged Account is activated
    • Check from ESM that Privileged Account status is active
      Delete
privilege access self-service

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Self-Service: Approvals

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand