24.0 Extending Custom Entitlements

A driver entitlement represents a permission in an application (for example, Active directory) such as group membership, account, or any other entitlement or permission that an application uses. When a user is granted an entitlement in Identity Manager, a user attribute DirXML-EntitlementRef is generated with reference to the Identity manager driver entitlement and an entitlement value. A driver having this entitlement performs provisioning based on the type of the entitlement (group, account, role, and so on).

You can dynamically create resources with custom entitlements with permission values from a connected system, and also create permission assignments between Identity Manager resource model and connected systems. The following figure depicts how permissions flow from a connected system to the Resource Catalog and then into the Identity Vault.