Editing Entitlement
Background: If you want to edit the entitlements of the application, then this page will show you the complete process how to accomplish the same.
The first step of editing the entitlements for the application is go to the “Manage Catalog” section IDHub. Click on the Manage Catalog link in the left menu (Or you can also click on the Manage catalog link in the IDHub dashboard), then the following page would be displayed:
Let’s say you want to edit the entitlement of the application “ADP” shown in the list. Then you need to click on the EDIT icon, and this will open up the application wizard in the edit mode. Click on next button 2 times at the bottom of the wizard, which will bring the Edit Entitlement page as shown below:
This page will show all the entitlements for the application in the right hand side of the page. You can also search for the entitlements in the search bar at the top. For editing one of the entitlement, just click on the edit icon for that entitlement. (You can also remove the entitlement from the app, by clicking on the remove icon).
When the edit icon for that entitlement is clicked, this will show all the entitlement information in the right hand side of the page as shown below:
You can go ahead and change any of the entitlement information and after making the required changes, click on the submit button. IDHub would ask you enter a reason for the edit. Enter the reason of the edit at the bottom of the page and then click on the submit button.
Now the change in the entitlement for the application would go through the workflow life cycle of the application and will create a task/request for the same accordingly. Once the workflow is completed, the changes to the entitlement for the app would reflect accordingly.
Best Practices For Editing Entitlements
General principle while editing entitlements is that you have already pulled as much entitlement information from your target system to IDHub, so that you do not have to make edits to the entitlement frequently in IDHub. This is because, next time when the entitlements are synced and if there is changes in the entitlement in the target system, then it would override the entitlements in IDHub as well.
Consider a scenario, where some of the permissions / entitlements has a meta data say risk level. Now some of your entitlements can have a high risk level in your target system. Therefore when you are editing the entitlement make sure that you do the edit as per any additional meta data that you might have for those entitlements. For instance in this specific example, you might not need to edit the entitlements which has a high risk level meta data.