RapidIdentity Product Guides - 2019 Rolling Release

Entitlements Tab

The Entitlements tab displays available entitlements to map to new and current categories. If entitlements do not exist, the right interface section will appear grayed and inaccessible.

Entitlement contain four subtabs allowing administrators to createremove, and edit Workflow module entitlements.

The Entitlements tab interface may appear blank, initially. To add a new classification, click the plus icon.


For each newly created entitlement, RapidIdentity Portal requires administrators to name and select the appropriate binding. The available binding choices are:

  1. SINGLE: one instance per user

  2. MULTI_BOUND: multiple instances per user

  3. MULTI_UNBOUND: multiple instances per user, non-binding

  4. COMPOSITE: one instance per user

Composite entitlements function as a group of SINGLE binding entitlements

After selecting a binding and clicking Create, the binding is fixed.

If an error occurs, the entitlement must be removed completely with the minus icon, and the process to create a new entitlement must start over.

Once the name and binding fields are selected, the new entitlement will display in the left interface, and four additional subtabs will display on the right interface. The binding determines additional subtab availability.

Each entitlement will have a fixed ID that is unique within RapidIdentity Portal. The remaining entitlement fields are editable, including the entitlement name, to suit the organization's needs.


Entitlements General subtab Fields

Table 307. Entitlements Fields

Field Name



Descriptive display name for the category.


Description of the category.


Active or Inactive.


Icon to associate with the entitlement when it is displayed in the UI. This can be an icon in the icon list or any HTTP location.

Enable RBAC

Enables or disables Role Based Access Control.


Only members of the specified roles will have access to this Entitlement.

Role Exclusion ACL

Only non-members of the specified Role(s) will have access to this Entitlement.

Enable ABAC

Enables or disables Attribute Based Access Control

Filter ACL

Only users matching the specified LDAP attribute will have access to this Entitlement.

Entitlement Owner

Entitlement owners can be individual persons or a predefined Role(s). When a Role is used to own an entitlement, all members of that Role own the entitlement.


Orders this resource on the dashboard and requests tab. A priority of -1 gives it no special ordering. 1 is the top priority and is listed first.


Administrators can choose to have entitlements never expire, expire a selected time from now, or on a selected date.

Click the desired option and, if selecting days or date, click the listed value to configure.


The entitlement expires a selectable time (years, months, weeks, days, hours, minutes) from now.


The entitlement expires on the selected date every year.

Force Expiration

Administrators can force entitlement expiration to occur on a selectable time (years, months, weeks, days, hours, minutes) from now or on a selectable date, similar to time- and campaign-based expiration.

Disable certification and extension

When checked, the entitlement can neither be certified nor extended.

May not be requested in the UI

When checked, the entitlement will not display to users in the Requests tab when the entitlement is neither granted nor revoked. If the box is checked and the entitlement is in the process of being granted, the entitlement displays in the Requests tab.

Grant Workflow

The Workflow Definition to use when the Entitlement is being granted.

Grant Workflow Form

If the Grant Workflow has forms defined, you may pick a form that should be used for the Entitlement grant process.

Revoke Workflow

The Workflow Definition to use when the Entitlement is being revoked. If not chosen, it defaults to the Grant Workflow. This option is not available for MULTI_UNBOUND Entitlements since those are not revokable.

Revoke Workflow Form

If the Revoke Workflow has forms defined, pick a form that should be used for the Entitlement revoke process. This option is not available for MULTI_UNBOUND Entitlements since those are not revokable.

Data Classification

The Data Classification associated with the Entitlement.