As an application owner, set or modify who is entitled to access the application based on
the necessity and relevance of the application to the user or group. Users must be entitled to the application to view and access the
application from the Verify home page or to sign on to the
target application's web page.
Before you begin
Log in to IBM® Security Verify.
About this task
This feature is available in a Verify subscription and in a combination of Verify and Verify
subscription.
Subscription Plans |
Verify |
Verify |
On
Entitlements, you
can view the list of applications that you own. You can grant or remove all users access to the
application with the
All users are entitled to this application option. For
individual or multiple users or groups' access entitlements, see the following:
Entitlements is only visible to
users who are members of the application owners
group. If you are added in the
application owners
group but not assigned as an owner of any application, no
application is displayed in your Entitlements. As such, you cannot
grant application access to any users or groups.
Note: To entitle groups from a SAML enterprise identity source, your Verify administrator must create
shadow groups in the cloud directory and use the same names as the groups in your SAML enterprise identity source. The
shadow groups need not be populated with any members. The shadow group
serves as a placeholder that represents the SAML enterprise group.
Procedure
- Click the
icon besides your account name and select Switch to admin.
Note: Entitlements are no longer managed from the user launchpad.
-
Navigate to Applications.
- Search and view the application.
- Use the Search field for a filtered list of data.
You can sort the list by application name.
- Select the application to view its Entitlements Summary.
- Select the application and click the Edit icon.
- Select the Entitlements tab.
-
Assign application entitlements.
Hover over the application that you want to manage and click the

icon when it appears.
- Select Automatic access for all users and groups to entitle all users
and groups to access the application.
- Select Approval required for all users and groups to require approval
before granting the entitlement all users and groups to access the application. Select one or more
approvers.
Note: If User's manager and Application
owner are both selected, the approval workflow is done in sequence. The manager must
first approve, then any of the application owners can approve the access.
- Select Select users, groups, dynamic
roles, and assign individual accesses to entitle only
selected users and groups and dynamic roles, to access the application.
Select one or more approvers.
Note: If User's manager and
Application owner are both selected, the approval workflow is done in
sequence. The manager must first approve, then any of the application owners can approve the
access.
- Click Add. The
Select User/Group dialog box is displayed.
- Use the Search field for a filtered list of
data.
- elect the users or groups from the Matching Items list and click
Add.
- If you added users or groups in the Selected Items list by mistake,
select the entry from the Selected Items list and click
Remove.
- Optional: If the target user is not in the returned search results, click Add new
user. Use this option to create a cloud directory user or a
federated user who has not yet authenticated to Verify. See Creating a user.
Note: When you
click Save in the Add User dialog box, the user is
created and can be viewed or updated from Users & Groups.
- Click OK.
Note: If you added a user but choose to
Cancel, the user is not entitled to the application.
- Click Save.
-
Search and view the application entitlements.
-
Hover over the application and click the
icon when it appears.
-
Use the Search field for a filtered list of
data.
-
Select the name of the entitled user or group to display information in the
Details area.
Note: The information that is displayed varies depending on whether a user or group is selected.
Group information only includes the group name, and the name and email of the user who assigned the
entitlement.
Table 1. Displayed information
Information |
Descriptions |
Name |
Given name and surname of the user.Note: For federated users, this information is optional.
|
Email |
Email address of the user where notifications are sent such as the
user's new password after a reset request, or the one-time password.Note: For federated users, this information is optional.
|
Username |
Unique identifier for logging in to Verify. It can be the same as
the email address of the user.Note: For
federated users, the username is concatenated with an @ followed by the realm that is associated
with the identity provider from which the user information is retrieved. For example,
johnsmith@example.com@ADFS where johnsmith@example.com is the
user's registered user name and ADFS is the user's realm.
|
Assigner |
Given name and surname of the user who entitled the user or group to access the
application. |
Email |
Email address of the Assigner. |
-
Remove application entitlements.
-
Hover over the application and click the
icon when it appears.
-
Select the user or group that you want to remove.
Tip: You can select multiple entries.
-
Click Remove.
-
Confirm that you want to permanently delete the selected entitlement.
-
Click Save.