Default sign-on token API entitlements
If you do not restrict API access, the following entitlements are granted to the application sign-on token.
Default sign-on token entitlements for tenants with a single sign-on subscription
| Entitlement | Description |
|---|---|
| authn | Authenticate yourself |
| createPrivacyConsent | Create privacy consent records |
| manageAuthenticators | Manage authenticator registrations for yourself |
| manageDevices | Manage only your devices |
| manageEnrollMFAMethod | Manage own second-factor authentication enrollment |
| manageProfile | Manage profile |
| managePwdVault | Manage own password vault |
| manageRequests | Manage requests |
| manageSelfPrivacyConsent | Manage your privacy consents |
| performDSP | Retrieve privacy purposes and associated user's consent |
| performDUA | Check for data usage approval |
| readAuthenticators | Read authenticator registrations for yourself |
| readDevices | Read only your devices |
| readEnrollMFAMethod | Read own second-factor authentication enrollment |
| readPwdVault | Read own password vault |
| readSelfPrivacyConsent | Read your privacy consents |
| recoverUsername | Recover user name |
| requestApplications | Request applications |
| resetPassword | Reset password |
| verifyAuthenticator | Perform functions of an authenticator |
| viewLaunchpad | View launchpad |
| viewNotifications | View notifications |
Note: Tenants that have an Identity governance subscription also receive the manageAcessRequest entitlement.
For more information about entitlements, see Access entitlements.