Documentation

Entitlements

Suggest Edits

What is the Entitlements page?

Entitlements grant an account a higher level of access or privileged permissions. The Entitlements page displays your detections and identities by recommended solutions to potential risks.

Privilege is broken down into Highest, High, Moderate, Low, None, and Undetermined, based on each entitlement's administration and access capabilities.

How is it useful?

The Entitlements page allows you to review the key entitlements associated with your organization, and evaluate whether to remove or replace them with lower privileges. It allows you to view which accounts have access to your organization's key entitlements.

Evaluating entitlements detected by Insights can identify concerns like dormant account access, over-permissioned accounts, and the environments and sources to which they are provisioned.

Use the page to discover how many accounts have access to high-level administrative privileges, and view which entitlements grant access to connected applications or permissions.

Use the grid

Entitlements display in order of privileged access and associated accounts by default. View entitlements by provider, type, amount of privileged access, and more.

Click on any entitlement summary to display a detailed list of the accounts privileged with the selected entitlement, including the source system, account name, and provider. Columns can be shown or hidden using checkboxes by clicking the Columns button.

ℹ️

Note

You can export the Entitlements page as a .csv using the Download button.

Detect entitlement-related risks

The Entitlements page can highlight unnecessary, unusual, or unused levels of privileged access.

  • Sort your entitlements by Privilege to display the highest level of privileged permissions.
  • Organize entitlements by Source and Provider to show only detections associated with the selected system, or filtered by Scope to show entitlements associated with environments, groups, tenants, and more.
  • Filter the Type column by Role, Permission, App (such as associated Identity Providers), and Group.

Updated about 1 month ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.