Documentation

Users | Entitle

Overview

The Users page is where Entitle admins can view and manage employees, permissions, integrations, accounts, tokens, and JIT request analysis. This page includes the following functionality:

Log in to Entitle and go to the Users page on the left-side menu.

View, search, sort, and filter employees’ accounts

Users table

  1. The table presents all your organization’s users within Entitle, the number of associated integration accounts, the number of permissions they have, the number of active personal access tokens, their direct manager, and their Entitle role.

  2. Search for specific employees by name.

  3. Sort employees based on the following criteria:

    • First name

    • Last name

    • Number of accounts

    • Number of permissions

    • Number of tokens

    • Direct manager

    • Deleted users

    ℹ️

    Users marked with the Deleted icon have been previously removed from the Entitle tenant.

  4. Filter according to the following categories:

    • User
    • Direct manager
    • Deleted users
    • Entitle role

  5. JIT request analysis opens a separate view where you can view and export reports showing which users are eligible to request which roles and resources.

  6. Clicking on a specific account will redirect you to the user screen, which has several key functionalities:

    1. At the top of the screen, you will see the employee’s email, Entitle role, and direct manager.
      ℹ️

      This is available only if HR is enabled in the IdP connection.

    2. Integration accounts, Permissions, and Tokens tabs:
      • Integration accounts: Manage your tenant’s integrations and associated accounts.
      • Permissions: View and manage employees’ permissions in Entitle. For further details, see View, sort, filter, and revoke employees' permissions.
      • Tokens: View all personal access tokens (PATs) associated with the user. From this view, admins can review token details and revoke tokens as needed.

Manage integration accounts

Inside the Integration accounts tab in the Users screen, you will be able to:

  1. View the integrations that were set up in your tenant and the accounts that have integrated them.
  2. Add account associations to integrations not yet mapped to the user
  3. Add account associations to integrations mapped to the user
  4. Remove account associations from integrations mapped to the user

Add account associations to integrations not yet mapped to the user

  1. To add an integration and account, click Add integration.

  2. Select an integration from the list or start typing to search for one. Integrations already shown in the Integration accounts tab do not appear in the list.

  3. Select an account from the list or start typing to search for one.

  4. Click Add integration.

    Add integration screen

  5. The integration and associated account appear as a new card in the Integration accounts tab.

Add account associations to integrations mapped to the user

  1. In the Integration accounts tab, locate the integration to which you want to add accounts.

  2. Click the + icon on the integration card.

  3. In the Add accounts dialog, select the accounts you want to associate, then click Add accounts.

Add accounts
  1. The associated accounts now appear on the integration card. Repeat this process to add additional accounts as needed.

Remove account associations from integrations mapped to the user

  1. In the Integration accounts tab, click the x icon next to the account you want to remove from the integration.

  2. In the confirmation dialog, click Remove account.

    ℹ️

    If you remove the only account associated with an integration, the integration is also removed.

Remove account

Manage permissions

  1. To view an employee's permissions, click anywhere in the user's row on the Users page.

  2. Go to the Permissions tab. This view includes the following functionality:Permissions tab for a user

    1. Permissions table: Displays all permissions assigned to the user, both inside and outside Entitle. The table includes the following columns:

      • Account
      • Integration
      • Resource type
      • Resource
      • Permission path
      • Permission type
      • Created
      • Expiration
        ℹ️

        For definitions of these concepts, see Definitions of key concepts in the Permissions documentation.

    2. Search: Search permissions by:

      • Account
      • Resource name
      • Role name

    3. Sort: Sort permissions by:

      • User
      • Account
      • Integration
      • Resource
      • Role
      • Permission path
      • Created
      • Expiration

    4. Filter: Filter permissions by:

      • Account
      • Integration
      • Resource type
      • Resource
      • Resource name
      • Role name
      • Permission path
      • Permission type
      • Created at
      • Expiration
      • Given by resource
      • Given by role

    5. Download as CSV: Download selected rows or, if no rows are selected, the entire table.

    6. Revoke: Revoke selected permissions.

      ℹ️

      For more information, see Revoke permissions in the Permissions documentation.

ℹ️

To view additional details about an integration, resource, or role, hover over the item. Click the item to open its details page.

Manage tokens

  1. To view an employee's tokens, click anywhere in the user's row on the Users page.

  2. Go to the Tokens tab. This view includes the following functionality:

    1. Personal access tokens table: Displays all personal access tokens assigned to this user. The table includes the following columns:
      • Token name
      • Created at
      • Expiration
      • Last used
    2. Search: Search tokens by token name.
    3. Sort: Sort tokens by:
      • Name
      • Created at
      • Expiration
      • Last used
    4. Filter: Filter tokens by:
      • Created at
      • Expiration
      • Expiration was set to
      • Expired
      • Last used
      • Token name
    5. Revoke: Revoke the user's personal access token.

View JIT request analysis

Admins and compliance users can use JIT request analysis to review just-in-time access eligibility across users, roles, and resources. The report includes every requestable role available to a user, whether through direct assignment, bundles, or virtual roles. Use this report to view who can request access, not who currently has access or who has requested access in the past.

ℹ️

If you do not see the JIT request analysis button, contact your BeyondTrust representative to request that the feature be enabled for your organization.

JIT request analysis table

This view provides the following capabilities for admins:

  1. View a table of users, roles, and resources that shows just-in-time access eligibility among them. The following columns provide details:

    • User
      ℹ️

      The user's name and email appear in the table; only the email address appears in the CSV export.

    • Application
      ℹ️

      This column appears only in the CSV export.

    • Integration
    • Resource
    • Role
    • Direct
    • Bundle
    • Virtual app
      ℹ️

      The Bundle and Virtual app columns appear only if bundles or virtual applications exist in your tenant. These columns may contain multiple values per row.

  2. Filter: Select one or more filters to control which data is displayed. Available filters include:

    • IdP group
    • On call
    • User
    • Integration
    • Integration name
    • Resource
    • Resource name
    • Role name
    • Direct
    • Bundle
    • Virtual app

  3. Download as CSV: Export a CSV file of the eligibility data shown in the table. When no filters are applied, the export includes all eligibility data, which is commonly required for audit purposes. When filters are applied, only the filtered results are exported.

    ℹ️

    If you select specific rows, only those rows are exported. If no rows are selected, the entire table is exported.

    The exported file is named using the following format:
    Entitle_exported_potential_jitroles%DATE_TIME%.csv

    The CSV reflects the table content with minor differences, such as the User column containing only the user's email address and the Application column appearing only in the exported file.

    To ensure an audit trail, each export of a JIT access report is recorded in the audit logs, including the user who performed the export and the time it occurred.

Updated 3 days ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.