Entitlements
In Identity Governance, an entitlement is a specific access right that the system assigns to an account. An account is an identity profile in an onboarded application that maps to an identity in Advanced Identity Cloud within a target application and corresponds to a particular permission. It defines what actions a user can perform, such as viewing, modifying, or managing entitlements once they have access to the resource.
Identity Governance lets you act on entitlements, such as:
-
Discover and onboard entitlements
-
Grant entitlements including:
-
Using access requests
-
Using provisioning roles
-
Using direct assignment by administrators
-
-
Certify users who have been granted entitlements.
-
Perform segregation of duties (SoD) checks on identity entitlement assignments that violate compliance policies.
-
Manage the entitlements lifecycles using Governance Workflows
Entitlements catalog
Identity Governance aggregates entitlements from onboarded target applications into a centralized repository called the entitlements catalog, providing a unified view of the entitlements.
With the entitlements catalog, you can:
-
Create new entitlements.
-
View entitlement details.
-
Add or revoke members directly.
-
Enrich the business metadata or glossary of the entitlement.
