Org settings

Entitle’s Org settings screen in Entitle contains all of your organizational settings, broken into different sections. It has several key functionalities for admins:

• View and manage your organization's admins in Entitle
• Set a default timezone for your organization's users
• View and manage your organization's integrations
• View and manage your IdPs SAML configurations
• View and manage tokens
• Manage JIT (Just-In-Time) access requests’ settings
• Manage access review settings
• View and manage audit log webhooks

View and manage Entitle admins

This section explains how to view and manage your organization admins (delete or add new ones).

1. Log in to Entitle and navigate to the Org settings tab on the left-side menu.

   

2. Locate the Entitle admins section:

   • To remove an admin from the list, click the trash icon in the according row. Note: An admin user cannot remove their own user accounts.
   • To add a new admin, click Add. In the new row that appears, select a new user to be an admin.

Set a default timezone

• This section allows you to set the timezone in which Entitle will record the time of the events in the system.
• Locate the Timezone section and select your preference from the list. Note: The default timezone is America - New York (GMT+ 05:00).

View and manage integrations

This section allows you to view and manage your connected integrations, and connect new ones that exist within your organization.

Types of integrations

• Communication platform (Slack, Teams, etc.): This will allow employees to create new access requests, respond to access requests for which they are approvers, and get notified of requests made by your messaging app. You can also add multiple Slack/Teams connections, for the same system.
• HR system (BambooHR, etc.): This will allow you to populate the direct manager for your organization, and allow more complex Approval workflows.
• Ticketing system (Jira, Zendesk): This will allow employees to link existing tickets from your ticketing system to access requests.
• On-call (Opsgenie, PagerDuty): This will allow effective incident resolution, real-time alerts, and on-call scheduling to help organizations handle digital operations effectively. Entitle currently supports only these two on-call applications.
• IdP (Identity providers such as Google, Okta, etc.): This will allow you to sync all your directory users and groups into Entitle and use your organization entities inside the application. These groups will be used both for the Approval workflows and the Birthright policies.
  Below you will find a list of the supported IdPs and references to their directory connection guides:
  • Google
  • Okta
  • JumpCloud
  • OneLogin
  • Azure Entra ID
  • Active Directory

Add a new integration

1. Click Add and select the integration you wish to add.

   ℹ️

   Note

   The integrations presented in the list have yet to be connected.

   

2. Fill in the required fields for the specific integration to complete the integration process.
   The newly created integration displays under the Integrations section.

Edit an integration

1. Locate the specific integration you wish to edit.

2. Click the horizontal ellipses (…) icon to open the dropdown menu.

   Note: The editing options vary between the different integration categories (e.g. the menu is different in the Communication platform category and the IdP category).

   • Options for all integrations besides IdPs:

     • Add connection
     • Disconnect

   • Options for IdPs:

     • Sync

     • Add connection

     • Enable HR

     • Edit connection: If the current setup needs to be updated i.e., there's an expired IdP token, you can edit the connection and provide a renewed token to the existing connection.

     • Disconnect

       

3. Select an option from the appropriate menu to complete the editing process.

Disconnect an integration

1. Locate the integration you wish to disconnect.
2. Click the horizontal ellipses (…) icon and select Disconnect from the dropdown menu.
3. In the pop-up window, click Disconnect to complete the action.

View and manage IdPs SAML configurations

This section allows you to view your organization’s SAML connections which enable employees to log into Entitle, and manage them (delete/add new ones) all in one place.

Note: Currently SAML login is natively defined for Google and Microsoft, and you can add Okta in this section by following the Okta SAML integration guide.

1. Locate the IdP SAML configuration section.

2. Click Add to add a new IdP SAML configuration. Insert the SAML configuration in the new row under the XML metadata URL column.

   

3. Click the trash icon in the according row to remove an IdP SAML configuration.

View and manage tokens

This section will explain how to:

• View and manage your API tokens to automate the Entitle administration easily.

  ℹ️

  Note

  For additional information regarding Entitle’s API, see Entitle’s API guide.

• View and manage your Agent tokens, allowing you to keep track of the Entitle agents that you have created for your organization.

  ℹ️

  Notes

  • Entitle agent is the local agent that communicates directly with all the managed applications and is hosted by the customers.
  • To set up Entitle’s agent in your chosen Kubernetes cluster, see Entitle's agent installation guide.

Add a new token

ℹ️

Note

The steps below are relevant for both types of tokens.

1. Locate the Tokens section.

2. Click Add to add a new API/Agent token. In the new row that appears insert the Token name, select an Expiration option from the dropdown menu, and insert the Token.

   ℹ️

   Note

   Make sure your Token name is not less than 2 characters long, or over 250 characters, as this will appear as an error.

3. This section has several additional functions:
   • Click the trash icon to delete your newly created token.
   • Click the eye icon to view your newly created token.
   • Click Revoke > Revoke token to remove an existing API/Agent token from the list.

Manage JIT requests (Just-In-Time)

This section explains how to:

• Set the access duration default for users requesting access
• Set up pending request reminders for approvers
• Set up request forwarding (i.e. forward requests from one user to another)

Set the access duration default

1. Locate the JIT requests section.

2. Under Request duration default, select the durations for which an employee can request an ‘Entitlement’.

   Note: The defaults are pre-selected, and you can change them according to your preferences. Make sure to select at least one duration option.

   

Set up pending request reminders

This section enables the creation of reminders for pending requests, for specific days and times. The approvers will receive a Slack or Teams message on access requests that they have yet to respond to.

1. Locate the Pending request reminder section.

2. Select your reminder preferences in terms of days of the week as well as the specific time of day.

   

Set up request forwarding

This section allows you to view and set up request forwarding from one employee (Forward from) to another (Forward to).

This means that all the requests that should be approved by the original employee will instead be redirected, and require the new approver

1. Locate Forward request approvals.

2. Click Add to add a new forward. Select a user to Forward from, and a user to Forward to.

   

3. Click the trash icon to remove a forward from the list. Click Delete forward to complete the action.

Manage access review

This section allows you to perform the following actions:

• Set access review reminders for reviewers
• Set access review forwarding (i.e. forward access review from one reviewer to another)
• Immediately revoke access to a role to which access was denied during an access review

Set access review reminders

This section enables the creation of reminders for Access reports, for specific days and times. The approvers will receive a Slack or Teams message on access reviews that they have yet to respond to.

1. Locate the Access review section.

2. Under Access review reminder, select your reminder preferences in terms of days of the week as well as the specific time of day.

   

Forward access reviews

This section allows you to set up Access Review forwarding from one employee (Forward from) to another (Forward to).

This means that all the access reports that are assigned to the original employee will instead be redirected, and require the new approver’s review.

1. Locate the Forward access review section.

2. Click Add to add a new forward. Select a user to Forward from, and a user to Forward to.

   

3. Click the trash icon to remove a forward from the list. Click Delete forward to complete the action.

Immediate revoke

1. Locate the Immediate revoke checkbox.
2. When enabled, this section allows you to immediately revoke access to a role to which permission was denied during an access review.

   ℹ️

   Note

   The Immediate revoke option is disabled by default.

View and manage audit log webhooks

This section allows you to view your existing webhooks as well as add new ones.

1. Locate the Audit logs section.

2. Click Add to add a new webhook and proceed with the Audit log streaming guide.

   

3. To delete a webhook from the table, click Remove > Delete.