Types of users in Entitle
Key differences between Admins and regular users
Capability/Type of user | Admin user | Regular user |
---|---|---|
Access requests | Can configure how access is granted and who can approve requests. | Can request access to resources and respond to approval requests. |
Permissions | Can review and revoke permissions for all users in the organization. | Can view their own permissions. |
Integrations | Can add, configure, and manage integrations with various applications and services. | Limited to requesting access to integrated applications. |
Approval workflow/birthright policies | Can create, edit, and manage approval workflows and birthright policies that control access to resources. | Can utilize the approval workflows and birthright policies set by admins when requesting resources. |
User management | Can manage users in the organization including adding or removing admins and reviewing permissions of other users. | Cannot manage other users. |
System configuration | Can configure various settings of the Entitle system including integration, audit logs, and user configurations. | Cannot modify system settings. |
Below you can find a more in-depth description of the different capabilities Admins and regular users have in Entitle:
Admin capabilities
- Integration management: Admins can connect Entitle to various applications and services. They can add new integrations, and disconnect them. Admins can also define the owner of the integration, which is used for administrative purposes and approval workflows.
- Approval workflows and birthright policy management: Admins can define and manage approval workflows, create custom policies to manage access to resources, and set up rules for integrations' resources and roles.
- User management: Admins can view a list of all users in the organization and their permissions. They can also add or remove organization admins.
- Permission management: Admins can review and revoke user permissions. They can also set up User Access Review campaigns to manage access rights. Additionally, admins can define which integration access changes require their attention.
- Notification configuration: Admins can configure notifications for external permission changes. Notifications can be sent to Entitle Admins and integration owners via Slack/Teams.
- Access review management: Admins can create and manage periodical access review campaigns for the entire organization.
- Agent management: Admins can keep track of Entitle Agents and generate new ones.
- API token management: Admins can manage API tokens to automate Entitle administration.
- Settings configuration: Admins can manage settings such as allowed permission durations, time zones, and access request forwards.
- Audit log configuration: Admins can add or remove webhooks from different SIEM tools that have been integrated with Entitle. They can also configure audit log webhooks.
- View permissions graph: Admins can utilize the Permissions Graph to identify overprivileged or unknown identities and unwanted permission chains.
- Manage bundles: Admins can define and manage bundles, which are sets of entitlements that can be requested, approved, or revoked in a single action.
- Force revoke access: Entitle provides administrators with the ability to force revoke access to a user.
- Prerequisites permissions: Entitle allows administrators to define prerequisite permissions for a resource, so users requesting the resource will also receive the necessary prerequisite permissions.
- On-Call system configuration: Admins can connect Entitle to on-call systems like Opsgenie and PagerDuty and define policies or workflows that provide on-call employees with access to applications.
Regular user capabilities
- Request access: Regular users can request just-in-time access to applications and resources. They can also request access on behalf of other users.
- Respond to requests: Users can respond to access requests that are awaiting their approval if they are defined as approvers in the organization.
- Track requests: Users can track their previous access requests in Entitle. They can also view all the access requests they have ever submitted.
- View permissions: Users can see the permissions they have for their organization's applications.
- Request to renew permissions: Users can easily request to renew permissions that have expired or are about to expire.
- Use Entitle interfaces: Users can interact with Entitle through the web app, Slack, and Microsoft Teams.
- Utilize bundles: Users can request permissions for all the bundles defined in the Bundles screen, just as any other resource managed by Entitle.
Updated 9 days ago