Manage user entitlements

You may need to review or edit an individual user’s entitlements if the user’s project assignment changes, they need access to entitlements for a short interval, or they no longer need access to certain entitlements.

Before you begin

  • Sign in as a super admin, an app admin, or an admin with the following permissions:

    • Manage applications

    • Edit application's user assignments

    • Edit groups' application assignments or Edit users' application assignments

  • Ensure that you're assigned to the Okta Entitlement Management application.

  • Check that you've enabled Governance Engine for the app and created entitlements.

  • Ensure that the application is assigned to the user.

  • Optional. Enable the Access requests conditions and Resource catalog feature to view or change a user's access expiration for the entitlements and apps.

Start this task

  1. In the Admin Console, go to Applications > Applications.
  2. Select an app.

  3. Go to the Assignments tab.

  1. Open the options menu associated with the user.

  2. Click View entitlements or View access details.

  3. On the Entitlements panel, click Edit or Edit access.

  4. Optional. Remove entitlement bundles that the user requested or was assigned by Access Requests.

  5. Select one of the following options. The available options vary depending on the existing entitlement assignment method.

    • Apply policy
    • Revert to policy

      Reverting to policy removes all existing entitlements and bundles for the user. The user's entitlements are then governed by policy rules. If the user's profile attributes meet the conditions of policy rules, entitlements are assigned to the user.

      Click Revert to confirm.

    • Customize entitlements
      1. Select this option to assign individual entitlements to users. When you customize entitlements, the following occurs:

        • All existing entitlement assignments are removed.

        • Policy rules no longer apply to this user. The user can request bundles using Access Requests later.

      2. Choose from the available entitlement values to assign entitlements to the user.

      3. Click Save.

      When you change the assignment source, Okta also resets the app expiration for the user and sets the expiration to never expire.

  6. Optional. Click Edit associated with Access expires to update the duration of the user’s access to the app. Follow the prompts in the UI to set the access duration and click Save. It may take a few minutes after the expiration for Okta to revoke the user's access.

    The app access expiration that you set must not be less than the access expiration of any entitlement bundles assigned to the user.

Related topics

Identity Governance Reports