IGA Use Cases

Last modified 16 May 2022 13:57 +02:00
This page is a stub; it is a work in progress.

Business use cases and "user stories" for Identity Governance and Administration. The purpose of this document is to guide design activities by providing a list of all the practical use cases for inspiration. We do not claim that our implementation will support all of those use cases.

This list is not complete. It is expected that it will be continually updated.


IGA information is consumed by different actors, starting with end-users, through technical engineers, and finishing with business and security managers.

The IGA information must be available to all of them in the form they need.

1. End-user

The typical interaction of an end user is self-service: the end user needs to request new access, modify his profile and review the access he already has.

The end user needs the access to be described in business form.

Information provided

  • Individual information of my access (roles and applications assigned to me)

  • View of user’s profile and its modification (optional).

  • Credential management

  • Possibility to add new access (request a role) and remo

He needs to see individual objects. No specific dashboards or reports are needed for the end-user.

The only global view should be the role catalog.

Form of information: business level (roles and applications)

1.1. Use cases: End-user



  • What is my access?

  • Do I have access to the application A? Why?

  • I need access to the application A. What roles should I request?

2. Business Manager

A business manager is any person in an organization who is responsible for, or technically manages, the access of their team. In addition to the end user, the business manager also needs to answer

Form of information: business level (roles and applications)


2.1. Use cases: Business Manager


3. Application engineer

The application engineer needs

3.1. Use cases: Application engineer


4. IGA Administrator


4.1. Use cases: IGA Administrator


5. Role Manager


6. Use cases: Role Manager


7. Security officer


8. Use cases: Security officer


Old text below.

10. Access request use cases

This chapter describes use cases for assignment management by end users using the self-service UI.

It does not cover assignment management performed by IDM administrators in the administration interface. These operations are performed instantly and do not generate access requests and approvals.

Request new access
  • End user requests new access for himself

  • End user requests new access for somebody else

Modify existing access
  • End user needs to update parameters of the access for himself

  • End user needs to update parameters of the access for somebody else

Remove access
  • End user wants to remove access for himself

  • End user wants to request access removal for somebody else

Other use cases
  • Approver needs to approve/reject one request

  • Approver needs to approve/reject multiple requests at once

  • End user wants to see request approval and processing history.

  • Requestor wants to know why the request is not processed yet

Table 1. Use case template
<Use case name>

Actor: <Requestor>

Described in <xref::TODO>

Motivation and details:


Reports are described in Access request process monitoring.

11. Automatic role assignment use cases (policies)


12. Role engineering use cases

New role
  • creation of an application role

  • creation of a business role

  • deployment of a new application and creation of new roles for it

Role modification
  • modification of business parameters of the role

  • modification of provisioning parameters of the role (role recompute required)

  • modification of the list of roles assigned in the business role

Role decommissioning
  • decommissioning of a role

  • decommissioning of an application

13. Access certification use cases

Process management by end user