FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
FI Finnish
SE Swedish
FR French
PL Polish
DE German
US English (US)
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Extended access right management

Self-Service: Request Privilege Accesses

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Self-Service: Request Privilege Accesses

Self-Service: Request Privilege Accesses


In this article is described use case for User or Manager to be able request additional accesses (IGA Entitlements) to be added to the Users existing privilege account.

This use case is part of Manage Privilege Accesses use case, and it needs to be implemented simultaneously with all related privilege access use cases. 



Use Case Description


This use case is available only for IGA Enterprise package. 



 Description

Overview

This use case describes how users can request privilege accesses from Self-Service Portal to be added to users existing privilege account.

Operators

IGA solution
Self-Service Portal
Manager
User
IGA Admin
Approvers

Prerequisites

Privilege accesses needs to be marked in IGA Entitlement datacards and they need to be published in Self-Service Portal "Request Privilege Accesses" service. 

User needs to have existing privilege account. 

Result

Requested privilege accesses has been approved and automatically added to the directory or application. User can now active these privilege access by choosing "Active Privilege Accesses" service from the Self-Service Portal.

Operating chain requesting account
  1. User or Manager opens "Request Privilege Accesses" 

    • If user is requester, Manager needs to advocate request and possible Approvers needs to approve the request

    • If Manager is requester, there is no need for separate advocate, but possible Approvers needs to approve the request.

    • If Manager is the requester he or she chooses subordinate who needs privilege accesses 

  2. User or Manager chooses which privilege account requires more accesses 

    • If user only has one privilege account, it is automatically selected 

  3. User or Manager chooses correct accesses from the list

    • Only IGA Entitlements marked as privilege access and are published in "Request Privilege Accesses" service are shown on the list

    • Only IGA Entitlements, marked as privilege access and related to the chosen account (step 2, in operating chain) directory or application are shown on the list 

    • User or Manager can request several different accesses, by using shopping chart

  4. User or Manager adds mandatory justification and chooses Next

  5. IGA solution generates IGA Service Requests 

    • Permission to activate allowed privilege accesses (IGA Entitlements) related to the privilege account, is shown in the related IGA Account datacard

      • User now has permission to active and use these privilege accesses, but user cannot use them before activation.

      • This means that user can now activate these accesses related to the privilege account, by choosing "Active Privilege Accesses" service from the Self-Service Portal.  

  6. IGA solution closes the IGA Request and sends status information to Self-Service Portal

  7. IGA Access Right Records are created and audit details are saved.

Related datacards

IGA Identity Storage
IGA Account
IGA Entitlement
IGA Service Request
Application

Self-Service Portal services

Request Privilege Accesses
Delete

Configuration Changes


Customer can define these configuration changes, without them affecting the projects schedule or work estimations. 

1. Customer can define "Request Privilege Access" fields, like for example if Application is asked to choose or not. Sometimes instead of application Customer may want to use organizational units for shorting available IGA Entitlements. 

Delete

Expansion Possibilities


In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Efecte Consultants review before agreeing on implementation.


1. Customer can expand privilege accesses by implementing new integrations or connectors to organizations applications. 


2. Customer can also define, that requested IGA Entitlements are provisioned to the directory or application, and in that case users privilege accesses are always valid and user can use them without any justifications. 

This changes also use cases, "Request Privilege Account", "Active Privilege Accesses" and "Manage Privilege Accesses". 


Delete

Configuration instructions

  1. Publish service "Request Privileged Accesses" in ESS

  2. Configure EPEtask called "[Directory] IGA Service request: Verify, Add, Remove"
    • Configure the connection settings and after that Test connection from the EPEtask
    • Define user and group filters and settings
    • No need to change user identity mappings

  3. Go to IGA service request and workflow called "2.0 Manager Adds Rights to Others Workflow"
    • Publish the workflow

  4. Test Request Privilege Access right services from ESS
    • Check the IGA Service Request from ESM that is successfully executed
    • Check the group memberships from the Directory. New group is added to the user
Delete


privilege access self-service

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Self-Service: Request access rights
  • Self-Service: Remove access rights

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand