<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
OIG Entitlement Assignment Grant Types
Aug 23, 2024
Okta Classic Engine
Identity Governance
Okta Identity Engine

Overview

Within Entitlement Management users can be assigned multiple ways.  Depending on the path, users may receive updates or may be treated as one-off assignments. This article provides details on the various ways users are assigned entitlements.

Applies To

  • Okta OIG Entitlements
  • Okta Identity Governance API

Solution

Assignment Types

Policy

  • Users assigned to an application directly have the option to be assigned as Policy (birthright) Assignment Type.
  • User’s assigned to Policy via a Policy rule.
    • As the user's attributes or group membership change, entitlements will change based upon policy rules.
  • Can request additional entitlements bundles with Access Requests

 

policy assignment type.png

 

Custom

  • Users assigned to an application directly have the option to be assigned as Custom Assignment Type.
  • User’s assigned to Custom
    • No Policy rules will run against users assigned to this type.
    • End users can request new entitlement bundles through Access Requests.  
    • If Reverted to Policy, the user will be stripped of all Custom entitlements and bundles.

 

custom assignment type.png

Methods of granting entitlements

  1. Policy
  2. Entitlement Bundle
  3. Admin UI
  4. Grant API

Assignment of users to an application and Assignment Types

  • Users can be assigned to an application via group or during individual assignment, Policy is selected.  This assigns the user as Policy Assignment Type.
  • Users can be assigned to an application directly in the Admin UI.  If the admin chooses Custom they must assign custom entitlements as well.   
  • Users can make an Access Request and choose an Entitlement Bundle, the user is assigned to the target application directly as Custom in addition to being granted the bundle.  No Policy rules will apply to this user.

Note: If the target application requires birthright entitlements to exist prior to any additional Entitlement Bundles, the user must be Reverted to Policy first and then re-request any additional entitlements via a bundle or assigned a bundle via Grant API.

 

Related References

Looking for Okta Identity Governance help? Visit the Okta Identity Governance Product Hub or schedule Office Hours with the Okta Identity Governance team. 

Recommended content

Still looking for help?
Loading
OIG Entitlement Assignment Grant Types