Birth rights

This concept in identity management is indicating the fact that identities, based on their attributes ( e.g. belonging to a certain organisation ) are to acquire roles or other relationships by default.

One can make a difference between:

Role birthrights : based on
- organisation : if you have a valid assignment to an organisation
- organisation type
- identitytype : if you belong to a certain type of identities
- identity : if you are a specific identity
- role : if you have a specific role, you automatically obtain another role
- function: if you have a function
Organisation birthrights
- identitytype
- organisation

It is defined as a scheduler in the schedulers section.

Following configuration can be changed

Name

Description

organisationFilter

the organisation for which this scheduler is intended for ( required )

entitlements

the list of entitlements that has to be assigned to the targets (required)

identityFilter

the email address of the identity for which this scheduler is intended for ( optional )

So a valid configuration for giving all identities have a organisation assignment with organisation with code AAA a entitlement with code BBB would be:

{ 
    "Birthright configuration one": 
    {
       "entitlements" : ["BBB"], 
       "organisationFilter" : "AAA" 
    }
 }

The scheduler will only create a entitlement assignment when there is not yet any found for the entitlement code. It will not extend existing or expired assignments

Giving a specific person with email homer@springfield.com entitlement YYY and ZZZ within organisation AAA

{
  "Birthright configuration specific identity" : 
     { 
        "entitlements" : ["YYY","ZZZ"], 
        "organisationFilter" : "AAA", 
        "identityFilter" : "homer@springfield.com" 
     }
 }

The end date of the assignment is calculated based on the value of the attribute defaultDurationInMonths of the entitlement specified

Previous(Re)Certification NextNotifications

Last updated 2 months ago