Entitlement Agents#

An entitlement agent grants an entitlement to a user.

Three agents can grant or revoke entitlements for an Entry, as described below.

Role-Based Entitlement entitlement agent#

The Entitlements Service driver grants the entitlement based on criteria that place the user in a particular role (or group). The criteria can be based on any event that occurs in the Identity Vault.

Entitlements are typically granted based on the satisfaction of a query against the Identity Vault.

For example, adding a new employee in an HR system causes a User object to be created in the Identity Vault. Creation of the new User object is the criterion that causes the Entitlements Service driver to grant the Active Directory User Account entitlement to the user.

The <src> element value for the Role-Based Entitlement entitlement agent appears as:

<src>RBE</src>

User Application Roles Based Provisioning entitlement agent#

The user receives a role assignment through the User Application. The User Application’s Role Service driver grants the user any entitlements associated with the new role.

For example, a user is assigned an Accountant role that requires access to the Accounting group in Active Directory. The Role Service driver grants the Active Directory Group Membership entitlement to the user.

The <src> element value for the User Application Roles Based Provisioning entitlement agent appears as:

<src>???</src>
Sorry, we do not know.

User Application Workflow-Based Provisioning entitlement agent#

A provisioning workflow grants the entitlement to the user.

For example, a new employee is added to the HR system, which causes a User object to be created in the Identity Vault. Creation of the new User object initiates a workflow that grants the Active Directory User Account entitlement to the user.

The <src> element value for the User Application Workflow-Based Provisioning entitlement agent appears as:

<src>AF</src>
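
When reviewing who granted what, the <src> value lets an auditor attribute each grant to an agent and flag grants whose agent cannot be determined. The following is an added example, not code from this page or from the product: the `<ref>` wrapper, the record layout, the sample users and the `XYZ` value are constructed assumptions; only `RBE` and `AF` come from this page.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# <src> values documented on this page. The value for Roles Based
# Provisioning is not known here, so it is deliberately absent.
KNOWN_AGENTS = {
    "RBE": "Role-Based Entitlement",
    "AF": "User Application Workflow-Based Provisioning",
}

def agent_for(fragment):
    """Return (src, agent_name); agent_name is None when unrecognized."""
    try:
        root = ET.fromstring(fragment)
    except ET.ParseError:
        return (None, None)          # malformed XML: cannot attribute
    # Accept <src> as the root element or anywhere beneath it.
    node = root if root.tag == "src" else root.find(".//src")
    if node is None or not (node.text or "").strip():
        return (None, None)
    src = node.text.strip()
    return (src, KNOWN_AGENTS.get(src))

def audit(grants):
    """grants: iterable of (user, entitlement, xml_fragment).
    Returns (by_agent, review); review holds grants needing a manual look."""
    by_agent = defaultdict(list)
    review = []
    for user, entitlement, fragment in grants:
        src, agent = agent_for(fragment)
        if agent is None:
            review.append((user, entitlement, src))
        else:
            by_agent[agent].append((user, entitlement))
    return dict(by_agent), review

# Constructed sample records, not taken from a real Identity Vault.
SAMPLE = [
    ("jdoe", "Active Directory User Account", "<ref><src>RBE</src></ref>"),
    ("asmith", "Active Directory User Account", "<ref><src>AF</src></ref>"),
    ("bwong", "Active Directory Group Membership", "<ref><src>XYZ</src></ref>"),
    ("cfox", "Active Directory Group Membership", "<ref><src>RBE</ref>"),  # malformed
]

if __name__ == "__main__":
    by_agent, review = audit(SAMPLE)
    for agent, items in by_agent.items():
        print(agent, items)
    print("needs review:", review)
```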

« This page (revision-8) was last changed on 08-Dec-2011 13:21 by jim