Entitlements

What is the Entitlements page?

Entitlements grant an account a higher level of access or privileged permissions. The Entitlements page displays your detections and identities by recommended solutions to potential risks.

Privilege is broken down into Highest, High, Moderate, Low, None, and Undetermined, based on each entitlement's administration and access capabilities.

How is it useful?

The Entitlements page allows you to review the key entitlements associated with your organization, and evaluate whether to remove or replace them with lower privileges. It allows you to view which accounts have access to your organization's key entitlements.

Evaluating entitlements detected by Insights can identify concerns like dormant account access, over-permissioned accounts, and the environments and sources to which they are provisioned.

Use the page to discover how many accounts have access to high-level administrative privileges, and view which entitlements grant access to connected applications or permissions.

The Entitlements page

Entitlements display in order of privileged access and associated accounts by default. View entitlements by provider, type, amount of privileged access, and more.

Click on any entitlement summary to display a detailed list of the accounts privileged with the selected entitlement, including the source system, account name, and provider. Columns can be shown or hidden using checkboxes by clicking the Columns button.

Administration menu: Access Pathfinder administration pages if you are assigned as an administrator.
Header: Select a tenant or Administration from the menu, manage your profile, and change the display theme.
Filters: Select a filter to refine your results. Click Reset Filters to remove all filters from your results. Click Add Filter to create a filter.

Filter types

Name: The name of the entitlement. Enter text in the Name box to search, optionally, select a filter. Filters include is equal to, is not equal to, Contains, Starts with, Ends with, and Does not contains.

Privilege: The level of the entitlement: Highest, High, Moderate, Low, None, and Undetermined

Type: The type of entitlement. Select a type from the list to filter the records.

Provider: The name of the connector. Select a name from the list to filter for that provider.

Location: The location of the provider.

Scope: Entitlements associated with environments, groups, and more. Enter text in the Scope box to search , optionally, select a filter. Filters include is equal to, is not equal to, Contains, Starts with, Ends with, and Does not contains.

Accounts: The number of accounts assigned the entitlement. Enter a number in the Accounts box to search, optionally, select a filter. Filters include is equal to, is not equal to, Is greater than, Is greater than or equal to, Is less than, and Is less than or equal to.

List options: Click to refresh the list, to download the list to a .csv file, and to select which columns to display on the page.
Entitlements list columns:

Column names

Name: The name of the entitlement.

Privilege: The level of the entitlement: Highest, High, Moderate, Low, None, and Undetermined

Type: The type of entitlement. Examples include: API permission, Group member, RBAC role, role.

Provider:The name of the connector.

Location: The location of the provider.

Scope: Entitlements associated with environments, groups, and more.

Accounts: The number of accounts assigned the entitlement.

Detect entitlement-related risks

The Entitlements page can highlight unnecessary, unusual, or unused levels of privileged access.

Sort your entitlements by Privilege to display the highest level of privileged permissions.
Organize entitlements by Source and Provider to show only detections associated with the selected system, or filtered by Scope to show entitlements associated with environments, groups, and more.
Filter the Type column by Role, Permission, App (such as associated Identity Providers), and Group.