RapidIdentity Cloud Product Guide

Catalog

The Catalog interface displays the collection of Entitlements that administrators define and make available for authorized users to request. Additionally, this section allows administrators to create and manage entitlements.

Users can request only those entitlements that are shown as available to request. Administrators see all entitlements.

Entitlement Status Symbol

Symbol Function

The "eye" symbol indicates that the entitlement is active.

The "strikethrough eye" indicates that the entitlement is inactive.

The checkbox allows an entitlement to be selected. The buttons appearing in the footer depend on how many entitlements are selected at a given time. If one entitlement is selected, the footer will display the ability to Request, Delete or Clone the selected entitlement. If two or more entitlements are selected, the footer will display the ability to Request or Delete the selected entitlements.

Entitlement details can be viewed by clicking Details. The details section contains three tabs: General, Activity, and Relationships.

General

Initially, only the owner, data classification, and expiration display in the General tab. Administrators can click Show Advanced Options to display the fields that can be edited to suit the organization's environment when creating a new entitlement. The table below lists the editable fields and describes each one.

Table 37. Detail General Tab

Field Name

Description

Icon

Icon to associate with the entitlement when it is displayed in the UI. It can be uploaded from the user's local machine or selected from RapidIdentity's existing catalog of icons.

Name

Descriptive display name for the entitlement.

Description

A brief description can be entered for the entitlement, but is not required.

Owners

Displays the owner(s) of the entitlement.

Note

An entitlement owner is the primary contact for the entitlement and is responsible for Certification of entitlements or Extension of those that are about to expire. More than one entitlement owner can be assigned.

Data Classification

The Data Classification associated with the Entitlement. This serves as a label that describes the data associated with the entitlement.

Note

If no data classifications are present, select Create New and enter information for the Name, Description, Level, and Color fields.

Expiration

Defines when a granted entitlement will expire if not re-certified or extended by an Owner of the entitlement. To define the resource as never expiring, None can be selected.

Click the desired option and, if selecting days or date, click the listed value to configure.

Note

Options available to select from:

  • None

  • Time-based

  • Campaign-based

Time-based

If selected, the entitlement will expire in an indicated time (years, months, weeks, days, hours, minutes) from the time the entitlement is approved.

Note

The RapidIdentity jobs that run to expire entitlements run on a preset time interval. The exact time expected for an entitlement to expire may differ slightly from its actual expiration time.

Campaign-based

If selected, the entitlement expires on the selected date every year.

Binding

Number of instances per user allowed and whether they are bound, un-bound, single, or composite.

  • (SINGLE) One instance per user that can be requested, revoked, or can expire. A user can be associated to one instance of a single-bound entitlement at a given time and cannot request it again until it expires or is revoked.

    Example: Administrator Role, Help Desk Role, Access to Application, Splunk administrator for 4 hours

  • (MULTI_BOUND) Multiple instances per user. These are similar to single-bound entitlements, except the user can be associated to more than one multi-bound entitlement at any given time.

    Example: Scoped roles based on context, Administrator for specific department

  • (MULTI_UNBOUND) Multiple instances per user that are not permanently tied to the user. These can be requested, but not revoked. Unbound entitlements are only associated with the user until the associated workflow completes.

    Example: Request log file, submit PTO request

  • (COMPOSITE) One instance per user. When a COMPOSITE entitlement is granted, associated entitlements will also be automatically requested for the user. The approver still has the option to Deny the associated entitlement request.

    Example: Grouping of Single Entitlement Bindings

Note

After selecting a binding, it is fixed. If an error occurs, the entitlement must be removed completely and the process to create a new entitlement must be reinitiated.

Status

Can be set to Active or Inactive.

Access Control

Required Field - Used to determine if attributes or roles will control access to the entitlement.

If set to Attribute-based, the Attribute ACL needs to be defined. This is the list of attributes that will be allowed access to the entitlement.

Note

This can be set to None.

Included Roles

Listed as a Required Field - This field determines the role(s) that will have access to this entitlement.

Action on this section is only required if Role-based Access Control is selected.

Excluded Roles

Listed as a Required Field - This field determines the role(s) that will not have access to this entitlement.

Action on this section is only required if Role-based Access Control is selected.

Priority

Orders this resource on the dashboard and requests tab. A priority of -1 gives it no special ordering. 1 is the top priority and is listed first.

Disable Certification/Extension

Disallows re-certification and extension of the granted entitlement.

May Not be Requested in UI

This prevents users from being able to request this particular entitlement.

Categories

Allows for categorization of the entitlements.

Note

If no Categories are present, select Create New and provide a Name and Description and set the Status to Active.

Grant Workflow

The Workflow Definition to use when the Entitlement is being granted.

Grant Workflow Form

If the Grant Workflow has forms defined, a form that should be used for the Entitlement grant process may be selected.

Revoke Workflow

The Workflow Definition to use when the Entitlement is being revoked. If not chosen, it defaults to the Grant Workflow.

Note

This option is not available for MULTI_UNBOUND Entitlements since those are not revocable.

Revoke Workflow Form

If the Revoke Workflow has forms defined, pick a form that should be used for the Entitlement revoke process.

Note

This option is not available for MULTI_UNBOUND Entitlements since those are not revocable.



Relationships

Displays any configured conflicts or dependencies. This section allows conflicts and dependencies to be defined or removed by dragging the elements to the desired sections.

Example

If Entitlement A is a dependency of Entitlement B, then you can only request Entitlement B if you have or are in the process of obtaining Entitlement A. In this situation, you would edit Entitlement B and add Entitlement A to its list of dependencies.

Entitled Users

Administrators and Entitlement owners can view users who are associated with the specified entitlement by clicking the Users button.

This allows the administrator or entitlement owner to view a list of entitled users for the selected entitlement. If no users are associated with the entitlement, the screen will display, "No results found."

If a user is not currently associated with an entitlement, the entitlement can be requested by clicking the Request button on the entitlement row in the list view, or on the card in the grid view.

If a user is not associated with any Entitlements, the screen will read "No Entitlements Found."

Add an Entitlement

Entitlements can be added from the Catalog interface. Follow these steps to add an entitlement.

  1. Select the Add Entitlement button located in the upper right portion of the window to create an entitlement.

  2. There will be two tabs: General and Relationships.

Add Entitlement - General Tab

The General tab allows Reports Admins to configure the settings that drive Entitlement permissions and define their workflows. See System Roles Defined.

Table 38. General Tab

Field Name

Description

Icon

Icon to associate with the entitlement when it is displayed in the UI. It can be uploaded from the user's local machine or selected from RapidIdentity's existing catalog of icons.

Name

Descriptive display name for the entitlement.

Description

A brief description can be entered for the entitlement, but is not required.

Owners

Displays the owner(s) of the entitlement.

Note

An entitlement owner is the primary contact for the entitlement and is responsible for Certification of entitlements or Extension of those that are about to expire. More than one entitlement owner can be assigned.

Data Classification

The Data Classification associated with the Entitlement. This serves as a label that describes the data associated with the entitlement.

Note

If no data classifications are present, select Create New and enter information for the Name, Description, Level, and Color fields.

Expiration

Defines when a granted entitlement will expire if not re-certified or extended by an Owner of the entitlement. To define the resource as never expiring, None can be selected.

Click the desired option and, if selecting days or date, click the listed value to configure.

Note

Options available to select from:

  • None

  • Time-based

  • Campaign-based

Time-based

If selected, the entitlement will expire in an indicated time (years, months, weeks, days, hours, minutes) from the time the entitlement is approved.

Note

The RapidIdentity jobs that run to expire entitlements run on a preset time interval. The exact time expected for an entitlement to expire may differ slightly from its actual expiration time.

Campaign-based

If selected, the entitlement expires on the selected date every year.

Binding

Number of instances per user allowed and whether they are bound, un-bound, single, or composite.

  • (SINGLE) One instance per user that can be requested, revoked, or can expire. A user can be associated to one instance of a single-bound entitlement at a given time and cannot request it again until it expires or is revoked.

    Example: Administrator Role, Help Desk Role, Access to Application, Splunk administrator for 4 hours

  • (MULTI_BOUND) Multiple instances per user. These are similar to single-bound entitlements, except the user can be associated to more than one multi-bound entitlement at any given time.

    Example: Scoped roles based on context, Administrator for specific department

  • (MULTI_UNBOUND) Multiple instances per user that are not permanently tied to the user. These can be requested, but not revoked. Unbound entitlements are only associated with the user until the associated workflow completes.

    Example: Request log file, submit PTO request

  • (COMPOSITE) One instance per user. When a COMPOSITE entitlement is granted, associated entitlements will also be automatically requested for the user. The approver still has the option to Deny the associated entitlement request.

    Example: Grouping of Single Entitlement Bindings

Note

After selecting a binding, it is fixed. If an error occurs, the entitlement must be removed completely and the process to create a new entitlement must be reinitiated.

Status

Can be set to Active or Inactive.

Access Control

Required Field - Used to determine if attributes or roles will control access to the entitlement.

If set to Attribute-based, the Attribute ACL needs to be defined. This is the list of attributes that will be allowed access to the entitlement.

Note

This can be set to None.

Included Roles

Listed as a Required Field - This field determines the role(s) that will have access to this entitlement.

Action on this section is only required if Role-based Access Control is selected.

Excluded Roles

Listed as a Required Field - This field determines the role(s) that will not have access to this entitlement.

Action on this section is only required if Role-based Access Control is selected.

Priority

Orders this resource on the dashboard and requests tab. A priority of -1 gives it no special ordering. 1 is the top priority and is listed first.

Disable Certification/Extension

Disallows re-certification and extension of the granted entitlement.

May Not be Requested in UI

This prevents users from being able to request this particular entitlement.

Categories

Allows for categorization of the entitlements.

Note

If no Categories are present, select Create New and provide a Name and Description and set the Status to Active.

Grant Workflow

The Workflow Definition to use when the Entitlement is being granted.

Grant Workflow Form

If the Grant Workflow has forms defined, a form that should be used for the Entitlement grant process may be selected.

Revoke Workflow

The Workflow Definition to use when the Entitlement is being revoked. If not chosen, it defaults to the Grant Workflow.

Note

This option is not available for MULTI_UNBOUND Entitlements since those are not revocable.

Revoke Workflow Form

If the Revoke Workflow has forms defined, pick a form that should be used for the Entitlement revoke process.

Note

This option is not available for MULTI_UNBOUND Entitlements since those are not revocable.



Add Entitlement - Relationships Tab

This is where Requests Admins set up relationships between entitlements. To define whether another existing entitlement is a conflict or a dependency of the current entitlement being added, drag the chosen Available Entitlement to either the Conflicts or Dependencies column upon creation.

Note

If Entitlement A is a dependency of Entitlement B, then a user can only request Entitlement B if they have or are in the process of obtaining Entitlement A.

If Entitlement A is a conflict with Entitlement B, then a user with Entitlement A cannot be approved for Entitlement B, or vice versa.
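
The dependency and conflict rules in this note, together with the Binding and May Not be Requested in UI fields from the General tab, can be modeled as a check that runs before a request is accepted. The Python below is an added example, not RapidIdentity code or its API: the Entitlement class, the request_blockers function, and the sample catalog are hypothetical, and treating Inactive entitlements as not requestable is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Entitlement:                      # hypothetical model, not a RapidIdentity type
    name: str
    binding: str = "SINGLE"             # SINGLE, MULTI_BOUND, MULTI_UNBOUND or COMPOSITE
    active: bool = True                 # Status field
    may_not_be_requested_in_ui: bool = False
    dependencies: set = field(default_factory=set)
    conflicts: set = field(default_factory=set)

def request_blockers(ent, catalog, held, pending=frozenset()):
    """Reasons a request for `ent` would be refused; an empty list means allowed.

    held: names the user currently has; pending: names being obtained.
    """
    reasons = []
    if not ent.active:                  # assumption: inactive entitlements are not requestable
        reasons.append("inactive")
    if ent.may_not_be_requested_in_ui:
        reasons.append("not requestable in UI")
    # SINGLE and COMPOSITE allow one instance per user.
    if ent.binding in ("SINGLE", "COMPOSITE") and ent.name in held:
        reasons.append("already held")
    # A dependency is satisfied if the user has it or is in the process of obtaining it.
    for dep in sorted(ent.dependencies - set(held) - set(pending)):
        reasons.append(f"missing dependency: {dep}")
    # Conflicts apply in both directions, whichever entitlement declares them.
    for other in sorted(held):
        if other in ent.conflicts or ent.name in catalog[other].conflicts:
            reasons.append(f"conflicts with: {other}")
    return reasons

# Constructed sample catalog (names are illustrative only)
CATALOG = {e.name: e for e in [
    Entitlement("Network Account"),
    Entitlement("Help Desk Role", dependencies={"Network Account"}),
    Entitlement("Auditor Role", conflicts={"Help Desk Role"}),
    Entitlement("Request log file", binding="MULTI_UNBOUND"),
]}

if __name__ == "__main__":
    for name, held, pending in [
        ("Help Desk Role", set(), set()),
        ("Help Desk Role", set(), {"Network Account"}),
        ("Help Desk Role", {"Network Account", "Auditor Role"}, set()),
    ]:
        print(name, request_blockers(CATALOG[name], CATALOG, held, pending))
```

Declaring the conflict on only one entitlement of a pair is enough here, because the check looks at both sides.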

Request an Entitlement

Follow these two steps to request an entitlement.

  1. For an entitlement that has previously been requested, click the Request button on the entitlement row in the listed view (or card in the grid view). For new entitlements, select one or more entitlements from the catalog and click the Request button.

    Note

    Adding text and comments to the request is optional.

  2. Click Request.

Requesting Multiple Entitlements

More than one entitlement can be requested at a time. Users can select multiple entitlements and click Request. The Request dialog allows each entitlement to be requested separately and users can optionally add comments to each request. The user will click Next until the last entitlement being requested is presented.

Then, click Request to complete the multiple entitlement request.
