Assign entitlements to users

You can assign entitlements to users with any of the following methods:

Assign apps to users and groups

Entitlements are assigned to users when you assign the app. You can select whether the entitlements are assigned using policy rules or by individual assignment (custom values). This is possible if you've enabled Governance Engine for the app and created entitlements.

Before you begin

  • Sign in as a super admin, an app admin, or an admin with the following permissions:

    • Manage applications

    • Edit application's user assignments

    • Edit groups' application assignments or Edit users' application assignments

  • Ensure that you're assigned to the Okta Entitlement Management application.

Start this task

  1. In the Admin Console, go to ApplicationsApplications.
  2. Select an app.
  3. Go to the Assignments tab.

    You can view the users assigned to the app. If the user isn't already assigned to the app, assign the user to the app before you proceed to the next step. See Assign app integrations.

  4. Open the Assign dropdown menu and select one of the following options:

    • People or Users.

      1. Select a user and click Assign.

      2. Review the user details to use in the app.

      3. Click Assign and continue.

      4. Select either Policy or Custom values from the Entitlement assignment method dropdown menu to determine how the user gets their entitlements for the app. Policy is selected by default.

      5. Optional. Select Custom values, and then select values for the entitlements you want to assign.

      6. Click Assign entitlements.

      7. Optional. Repeat steps a-f to assign the app to more users.

    • Group

      1. Select a group and click Assign.

      2. If the group already has group attributes, review them and click Assign.

Entitlement assignment source

Okta records the source of each entitlement by labeling it with one of the following types:

  • Policy: Policies set these entitlements.

  • Custom: These are entitlements that existed before you enabled Governance Engine, entitlements that were changed by an admin or by import, or entitlements applied to a user that are from a combination of policies and bundles.

  • Pending: The app has been assigned through an import or group app assignment, but processing to grant entitlements hasn't occurred.

Assign entitlements with a policy

To assign entitlements to your users based on their profile attributes or group memberships, add a policy rule and then apply the policy.

In Okta-sourced groups, entitlements are granted only when a user meets the conditions of a policy rule. If a user meets the conditions of more than one rule, that combination determines their entitlements. If their profile attributes or group memberships change and they no longer meet the conditions, the entitlements are revoked.

Okta records the entitlement assignment type as Policy. See Entitlement policy and Create an entitlement policy for more information.

Related topics

Entitlement policy

Create an entitlement policy

Revoke entitlements in downstream apps