2.0 Checklist for Implementing Entitlements

Use the following checklist to ensure that you complete all of the tasks required to implement entitlements for an Identity Manager driver. The tasks are listed in the recommended order of completion, but you can change the completion order if necessary.

Table 2-1 Entitlements Checklist



  • Enable the driver to support entitlements

The driver must be configured to listen for entitlement events. You enable the driver by modifying the driver filter to add the DirXML-EntitlementRef attribute to the User class.

The following drivers are already enabled for entitlements. You do not need to complete this task for these drivers:

  • Active Directory

  • GroupWise

  • LDAP

  • Linux and UNIX

  • Lotus Notes

  • RACF

For enablement instructions, see Section 3.0, Enabling Entitlements on a Driver.

  • Create entitlements

Entitlements represent resources in connected systems. When creating an entitlement, you create it on the driver that is associated with the connected system where the entitlement’s resource is located.

For instructions, see Section 4.0, Creating Entitlements.

  • Create policies to support the entitlements

Entitlements are implemented by adding new driver policies or modifying existing policies.

For instructions, see Section 5.0, Creating Policies to Support Entitlements.

  • Set up an entitlement agent to manage the entitlements

The entitlement agent is responsible for granting or revoking entitlements for users. You can use any of the following entitlement agents: