Birthright policies
Overview
Entitle birthright policies are sets of rules that automatically manage employees’ birthright permissions by entitling a group of employees to a set of birthright permissions.
When an employee joins the group, e.g. upon joining the organization, they are automatically granted the permissions defined for the group. When they are removed from the group, e.g. upon leaving the organization, those permissions are automatically removed as well.
This page provides step-by-step instructions on how to use Policies in Entitle.
View and manage Policies
- Log into Entitle and navigate to the Policies screen.
- Policies table (Number 1): The table presents all existing policies within the tenant. The columns from left to right are:
  - Group: Displays the groups to which the policies grant access.
  - Bundle: Displays the bundles to which the policies grant access.
  - Role: Displays the roles to which the policies grant access.
- Prioritize policies (Number 2): Permissions for conflicting roles are given based on the priority of the policy. To adjust the order, drag the chosen policy by the dots icon on its left side to the position you prefer.
- Edit/Delete policies (Number 3):
  - Edit a policy: Click the pencil icon and, when you are done, click Save.
  - Delete a policy: Click the trash icon, and in the pop-up screen click Delete policy. This action will remove the permissions that the specific users within the selected groups had through this policy.
  Important note: When deleting a policy, it is recommended to first remove the roles/bundles from the policy and then proceed to delete it.
- Add policy (Number 4): Lets you set up new policies. For further details, refer to the following section in this guide.
Note: Hovering over the different components within the policies table will provide you with further information on the groups, bundles, and roles.
Set up Entitle Policies
- Log into Entitle and navigate to the Policies screen. Then, click the Add Policy button on the top-right corner.
- In the pop-up screen, choose the following details for your new policy:
  - Groups and Schedule (Number 1): Select the groups and/or schedules you want from the list. You can choose as many as you wish. Note: The groups that can be chosen are identity provider and on-call groups. You can see the detailed lists of each group under the Org settings page.
  - Next, choose whether you want the policy to give access to roles, bundles, or both.
  - Give access to roles (Number 2): Click the Add Role button on the right side, then choose the integration, resource, and role you wish to add.
    - If you encounter the "No roles available" message, please consider the following:
      This message appears for roles created by an Admin in a Virtual Application that are connected to roles that cannot be requested or received under these circumstances:
      - The integration has been deleted.
      - Can_update_permissions is set to false and can_create_actors is set to true.
      As a result, when an Admin attempts to set up a Policy using that Virtual Application, these roles will not be visible. If only one role exists when an Admin accesses the Add role field, it will display "No roles available."
  - Give access to bundles (Number 3): Click the Add Bundle button on the right side, then choose the Bundle Name from the list.
  - To add multiple roles or bundles, click the Add Role or Add Bundle button each time.
- Finally, click Apply. You should now be able to see the new policy you just created in the original Birthright policies screen.
Changes in Policies
Any change made in the system is documented in the Audit logs screen, including changes to policies, e.g. changes to a policy’s content through creating, editing, or deleting policies, as well as changes to the policy’s permissions.
Triggers for Policies
The policies are applied once a day. However, any of the following changes will be applied immediately: creating, editing, or deleting policies, reordering the policies, changes in the on-call groups, and changes in the IdP groups.