Manage entitlements

Grant entitlements to a user

Identity Governance provides capabilities to grant entitlements to a user.

Add an entitlement to a user

Identity Cloud allows you to add entitlements to a user directly, via a request, or via synchronization with the target application.

To add an entitlement to a user directly:

In the Identity Cloud admin UI, go to Identities > Manage.
On the Manage Identities page, click realm-name - Users, and select an existing user.
On the selected user’s page, click Entitlements > Add Entitlements.
On the Grant Entitlements modal, select which application you would like to grant permissions for this user to access.
On the Choose Entitlements modal, select one or more entitlements to grant to the user, and then click Grant Entitlements. You will see an "Entitlements request successfully submitted" message. The new entitlement appears on the user’s entitlements page.

View a user’s entitlements

In the Identity Cloud admin UI, go to Identities > Manage.
On the Manage Identities page, click realm-name - Users, and select an existing user.
On the selected user’s page, click Entitlements. Each row shows the entitlement name in bold text with the associated application listed below it.
Enter an entitlement in the Search box, or click an entitlement from the selected list.

View user entitlement details

In the Identity Cloud admin UI, go to Identities > Manage.
On the Manage Identities page, click realm-name - Users, and select an existing user.
On the selected user’s page, click Entitlements. Each row shows the entitlement name in bold text with the associated application listed below it.
Enter an entitlement in the Search box, or click an entitlement from the selected list.

Next, click the ellipsis () for an entitlement, and then click View Details. The modal opens to the Entitlement Details.

Field Description

Field	Description
Application	Displays the application name and logo.
Owner	Displays the owner of the application.
<glossary attributes>	Displays various glossary attributes and their values. For example: Requestable. Displays the values of the `requestable` flag: `true` or `false`. Description. Displays the description of the attribute. New Entitlement Glossary Attribute. Displays the value of the entitlement glossary attribute.
<Technical details>	Displays technical details, such as object type properties and their values. The details differ with each application.

Application

Displays the application name and logo.

Owner

Displays the owner of the application.

Displays various glossary attributes and their values. For example:

Requestable. Displays the values of the requestable flag: true or false.
Description. Displays the description of the attribute.
New Entitlement Glossary Attribute. Displays the value of the entitlement glossary attribute.

Displays technical details, such as object type properties and their values. The details differ with each application.

Revoke a user’s entitlement

Identity Cloud admin UI allows users to revoke non-role-based entitlements from the user’s entitlements list page. If the entitlement is role-based, users cannot revoke the entitlement.

In the Identity Cloud admin UI, go to Identities > Manage.
On the Manage Identities page, click realm-name - Users, and select an existing user.
On the selected user’s page, click Entitlements. Each row shows the entitlement name in bold text with the associated application listed below it.
Enter an entitlement in the Search box, or click an entitlement from the selected list.
Next, click the ellipsis () for an entitlement, and then click Revoke. The Revoke Request modal appears.
On the Revoke Request modal, enter the following information:
- Justification. Enter a justification for the entitlement revoke request.
- Priority. Select a priority for the revocation.
- Expiry Date. Enter an expiry date for the revoke request.
Click Submit Request. The Request successfully submitted message appears.