There are different types of users in Cloudentity with different sets of roles. These roles are defined in the form of Entitlements and Entitlement Groups. For instance, an Admin user can perform various operations based on the entitlements they hold, and cannot perform an operation if they lack the entitlement that operation requires. Super Admins and Admins can grant or revoke Entitlements and Entitlement Groups for a user.

Types of Entitlements

There are four different types of users in Cloudentity:

  1. Unregistered User

  2. Registered Non Admin User

  3. Organization Admin User

  4. Super Admin User

Pre-defined Entitlements and Groups

Below is the table of Entitlements and Entitlement Groups that these different types of users possess :-

Unregistered User

Entitlements: None

Entitlement Groups: None

Registered Non Admin User

A Registered Non Admin User does not possess any particular Entitlement.

A Registered Non Admin User does not possess any particular Entitlement; it possesses only the single Entitlement Group called SELF_USER_ENTITLEMENT_GROUP. This Entitlement Group contains the following Entitlements :-

SELF_ACCEPT_USER_EULA SELF_ADD_EMAIL_OR_MOBILE SELF_CHANGE_PASSWORD SELF_CONFIRM_AUTH_SECRET SELF_FORGET_DEVICE SELF_GET_AUTH_SECRET SELF_GET_CUSTOMER SELF_GET_USER SELF_INVALIDATE_DEVICE_SESSIONS SELF_LIST_DEVICES SELF_LIST_USER_CUSTOMERS SELF_REMOVE_IDENTIFIERS SELF_RESET_AUTH_SECRET SELF_SEND_VERIFICATION_CODE SELF_SET_MFA_METHOD SELF_SET_USER_KBA_RESPONSES SELF_CHANGE_UID SELF_UPDATE_USER SELF_VERIFY_IDENTIFIER SELF_ACCESS_OPENID_CONNECT SELF_MANAGE_OAUTH_CONSENTS

Organization Admin User

An Organization Admin User possesses the following Entitlements :-

ADMIN_ACCESS_APPLICATIONS ADMIN_ACCESS_DASHBOARD ADMIN_MANAGE_APPLICATIONS ADMIN_MANAGE_AUTHZ_APPLICATION_POLICIES ADMIN_MANAGE_MICROSERVICES ADMIN_MANAGE_PERMISSIONS ADMIN_TRIAL_SETUP SELF_ACCESS_OPENID_CONNECT SELF_MANAGE_APPLICATIONS

An Organization Admin possesses the following Entitlement Groups :-

ADMIN_MANAGE_USERS DEVELOPER_GROUP SELF_USER_ENTITLEMENT_GROUP

The Entitlements contained in the Entitlement Group called SELF_USER_ENTITLEMENT_GROUP are listed above under Registered Non Admin User.

The Entitlement Group called ADMIN_MANAGE_USERS contains the following Entitlements :-

ADMIN_LIST_USERS ADMIN_GET_USER ADMIN_UPDATE_USER ADMIN_CREATE_USER ADMIN_DELETE_USER ADMIN_ACTIVATE_USER ADMIN_DEACTIVATE_USER ADMIN_SEND_ACTIVATION_MESSAGE

The Entitlement Group called DEVELOPER_GROUP contains the following Entitlements :-

SELF_ACCESS_OPENID_CONNECT SELF_ACCESS_APPLICATIONS

Super Admin User

A Super Admin User possesses the following Entitlements :-

ADMIN_ACCESS_DASHBOARD ADMIN_ACTIVATE_CUSTOMER ADMIN_ACTIVATE_ORGANIZATION ADMIN_ADD_EMAIL_OR_MOBILE ADMIN_ADD_ENTITLEMENT_TO_GROUP ADMIN_ADD_TO_USER_CUSTOMERS ADMIN_ADD_USER_ROLE ADMIN_ALL_CUSTOMERS ADMIN_ASSIGN_IOT_DEVICE_TO_CUSTOMER ADMIN_ASSIGN_IOT_DEVICE_TO_USER ADMIN_ASSIGN_USER_TO_IOT_DEVICE ADMIN_COMPLETE_FEDERATION_AUTHENTICATION ADMIN_CREATE_CUSTOMER ADMIN_CREATE_ENTITLEMENT ADMIN_CREATE_ENTITLEMENT_GROUP ADMIN_CREATE_IDP ADMIN_CREATE_IOT_DEVICE ADMIN_CREATE_ORGANIZATION ADMIN_CREATE_SP ADMIN_DEACTIVATE_CUSTOMER ADMIN_DEACTIVATE_ORGANIZATION ADMIN_DELETE_BRUTE_FORCE_ATTEMPTS ADMIN_DELETE_BRUTE_FORCE_USER_ATTEMPTS ADMIN_DELETE_CUSTOMER ADMIN_DELETE_ENTITLEMENT ADMIN_DELETE_ENTITLEMENT_FROM_GROUP ADMIN_DELETE_ENTITLEMENT_GROUP ADMIN_DELETE_IDP ADMIN_DELETE_IOT_DEVICE ADMIN_DELETE_ORGANIZATION ADMIN_DELETE_ORGANIZATION_API_KEY ADMIN_DELETE_SP ADMIN_DELETE_USER_ROLE ADMIN_DELETE_USER_TRUSTED_DEVICES ADMIN_GET_BRUTE_FORCE_CONFIG ADMIN_GET_BRUTE_FORCE_USER_ATTEMPTS ADMIN_GET_CUSTOMER ADMIN_GET_CUSTOMER_ENTITLEMENTS ADMIN_GET_CUSTOMER_ENTITLEMENT_GROUPS ADMIN_GET_ENTITLEMENT ADMIN_GET_ENTITLEMENT_GROUP ADMIN_GET_IDP ADMIN_GET_IOT_DEVICE ADMIN_GET_ORGANIZATION ADMIN_GET_SP ADMIN_GET_USER_ENTITLEMENTS ADMIN_GET_USER_ENTITLEMENT_GROUPS ADMIN_GET_USER_ROLES ADMIN_GET_USER_VIA_HMAC ADMIN_GRANT_ANY_ENTITLEMENT ADMIN_GRANT_ANY_ENTITLEMENT_GROUP ADMIN_GRANT_ENTITLEMENT ADMIN_GRANT_ENTITLEMENT_GROUP ADMIN_GRANT_ENTITLEMENT_GROUP_TO_CUSTOMER ADMIN_GRANT_ENTITLEMENT_TO_CUSTOMER ADMIN_GRANT_USER_ENTITLEMENT_GROUP ADMIN_LIST_CUSTOMERS ADMIN_LIST_CUSTOMER_USERS ADMIN_LIST_ENTITLEMENTS ADMIN_LIST_ENTITLEMENTS_IN_GROUP ADMIN_LIST_ENTITLEMENT_GROUPS ADMIN_LIST_IDPS ADMIN_LIST_IOT_DEVICES ADMIN_LIST_SPS ADMIN_LIST_USER_CUSTOMERS ADMIN_LIST_USER_IOT_DEVICES ADMIN_MANAGE_AUTHZ_APPLICATION_POLICIES ADMIN_MANAGE_AUTHZ_POLICIES ADMIN_MANAGE_MICROSERVICES ADMIN_MANAGE_OPENID_CONNECT ADMIN_MANAGE_PERMISSIONS ADMIN_REMOVE_CUSTOMER_API_KEY ADMIN_REMOVE_FROM_USER_CUSTOMERS 
ADMIN_REMOVE_IDENTIFIERS ADMIN_REQUEST_RESET_MFA_CREDENTIALS ADMIN_REQUEST_RESET_PASSWORD ADMIN_REQUEST_RESET_PASSWORD_FROM_ALTERNATE ADMIN_REQUEST_VERIFICATION_EMAIL ADMIN_RESET_AUTH_SECRET ADMIN_RESET_CUSTOMER_API_KEY ADMIN_RESET_ORGANIZATION_API_KEY ADMIN_RESET_OTP_MFA_ENROLLMENT ADMIN_RESET_USER_API_KEY ADMIN_RESET_USER_EULA ADMIN_RESET_USER_KBA ADMIN_REVOKE_ANY_ENTITLEMENT ADMIN_REVOKE_ANY_ENTITLEMENT_GROUP ADMIN_REVOKE_ENTITLEMENT ADMIN_REVOKE_ENTITLEMENT_FROM_CUSTOMER ADMIN_REVOKE_ENTITLEMENT_GROUP ADMIN_REVOKE_ENTITLEMENT_GROUP_FROM_CUSTOMER ADMIN_REVOKE_USER_ENTITLEMENT_GROUP ADMIN_TRIAL_SETUP ADMIN_UNASSIGN_IOT_DEVICE_FROM_CUSTOMER ADMIN_UNASSIGN_IOT_DEVICE_FROM_USER ADMIN_UNASSIGN_USER_FROM_IOT_DEVICE ADMIN_UPDATE_CUSTOMER ADMIN_UPDATE_ENTITLEMENT ADMIN_UPDATE_ENTITLEMENT_GROUP ADMIN_UPDATE_IDP ADMIN_UPDATE_IOT_DEVICE ADMIN_UPDATE_ORGANIZATION ADMIN_UPDATE_SP ADMIN_UPDATE_USER_CUSTOMERS ADMIN_UPDATE_USER_ROLES ADMIN_VALIDATE_API_KEY ADMIN_VALIDATE_ENTITLEMENT CARD_MANAGEMENT LIST_CARDS SELF_ACCEPT_USER_EULA SELF_ACCESS_OPENID_CONNECT SELF_ADD_EMAIL_OR_MOBILE SELF_CHANGE_PASSWORD SELF_CHANGE_UID SELF_CONFIRM_AUTH_SECRET SELF_CONFIRM_PASSWORD_RESET SELF_CONFIRM_VERIFICATION_EMAIL SELF_FORGET_DEVICE SELF_GET_AUTH_SECRET SELF_GET_CUSTOMER SELF_GET_CUSTOMER_IN_SESSION SELF_GET_IOT_DEVICES SELF_GET_USER SELF_INVALIDATE_DEVICE_SESSIONS SELF_LIST_DEVICES SELF_LIST_USER_CUSTOMERS SELF_REMOVE_IDENTIFIERS SELF_REQUEST_PASSWORD_RESET SELF_REQUEST_VERIFICATION_EMAIL SELF_RESET_AUTH_SECRET SELF_SEND_VERIFICATION_CODE SELF_SET_MFA_METHOD SELF_SET_USER_KBA_RESPONSES SELF_UPDATE_USER SELF_UPDATE_USER_CUSTOMER_IN_RECORD SELF_UPDATE_USER_CUSTOMER_IN_SESSION SELF_VERIFY_IDENTIFIER

A Super Admin User possesses the following Entitlement Groups :-

ADMIN_MANAGE_APPLICATIONS_GROUP ADMIN_MANAGE_USERS

The Entitlement Group called ADMIN_MANAGE_APPLICATIONS_GROUP contains the following Entitlements :-

ADMIN_ACCESS_APPLICATIONS ADMIN_MANAGE_APPLICATIONS SELF_MANAGE_APPLICATIONS SELF_ACCESS_APPLICATIONS

The Entitlement Group called ADMIN_MANAGE_USERS contains the following Entitlements :-

ADMIN_LIST_USERS ADMIN_GET_USER ADMIN_UPDATE_USER ADMIN_CREATE_USER ADMIN_DELETE_USER ADMIN_ACTIVATE_USER ADMIN_DEACTIVATE_USER ADMIN_SEND_ACTIVATION_MESSAGE
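
The Registered Non Admin User and Organization Admin User rows above, modelled as an added Python example (not Cloudentity code or its API): it expands each Entitlement Group, checks whether the entitlement for an operation is held, and reports entitlements granted by more than one source. It assumes effective entitlements are the union of direct entitlements and group members; the function and variable names are hypothetical.

```python
# Added example: a model of the entitlement tables above, not Cloudentity code.
# Assumption: effective entitlements = direct entitlements + members of each group held.
GROUPS = {
    "SELF_USER_ENTITLEMENT_GROUP": (
        "SELF_ACCEPT_USER_EULA SELF_ADD_EMAIL_OR_MOBILE SELF_CHANGE_PASSWORD "
        "SELF_CONFIRM_AUTH_SECRET SELF_FORGET_DEVICE SELF_GET_AUTH_SECRET "
        "SELF_GET_CUSTOMER SELF_GET_USER SELF_INVALIDATE_DEVICE_SESSIONS "
        "SELF_LIST_DEVICES SELF_LIST_USER_CUSTOMERS SELF_REMOVE_IDENTIFIERS "
        "SELF_RESET_AUTH_SECRET SELF_SEND_VERIFICATION_CODE SELF_SET_MFA_METHOD "
        "SELF_SET_USER_KBA_RESPONSES SELF_CHANGE_UID SELF_UPDATE_USER "
        "SELF_VERIFY_IDENTIFIER SELF_ACCESS_OPENID_CONNECT SELF_MANAGE_OAUTH_CONSENTS"
    ).split(),
    "ADMIN_MANAGE_USERS": (
        "ADMIN_LIST_USERS ADMIN_GET_USER ADMIN_UPDATE_USER ADMIN_CREATE_USER "
        "ADMIN_DELETE_USER ADMIN_ACTIVATE_USER ADMIN_DEACTIVATE_USER "
        "ADMIN_SEND_ACTIVATION_MESSAGE"
    ).split(),
    "DEVELOPER_GROUP": "SELF_ACCESS_OPENID_CONNECT SELF_ACCESS_APPLICATIONS".split(),
}
REGISTERED = {"direct": [], "groups": ["SELF_USER_ENTITLEMENT_GROUP"]}
ORG_ADMIN = {
    "direct": (
        "ADMIN_ACCESS_APPLICATIONS ADMIN_ACCESS_DASHBOARD ADMIN_MANAGE_APPLICATIONS "
        "ADMIN_MANAGE_AUTHZ_APPLICATION_POLICIES ADMIN_MANAGE_MICROSERVICES "
        "ADMIN_MANAGE_PERMISSIONS ADMIN_TRIAL_SETUP SELF_ACCESS_OPENID_CONNECT "
        "SELF_MANAGE_APPLICATIONS"
    ).split(),
    "groups": ["ADMIN_MANAGE_USERS", "DEVELOPER_GROUP", "SELF_USER_ENTITLEMENT_GROUP"],
}

def sources(user):
    """Map each effective entitlement to every source (direct or group) granting it."""
    granted = {}
    for ent in user["direct"]:
        granted.setdefault(ent, []).append("direct")
    for group in user["groups"]:
        for ent in GROUPS[group]:  # an unknown group raises KeyError: fail closed
            granted.setdefault(ent, []).append(group)
    return granted

def is_allowed(user, entitlement):
    # An operation is permitted only if its entitlement is in the effective set.
    return entitlement in sources(user)

def multiply_granted(user):
    """Entitlements that remain held after revoking any single source."""
    return {e: s for e, s in sources(user).items() if len(s) > 1}

def without_group(user, group):
    """Copy of the user with one Entitlement Group revoked."""
    return {"direct": user["direct"], "groups": [g for g in user["groups"] if g != group]}
```

In this model, revoking DEVELOPER_GROUP from an Organization Admin removes SELF_ACCESS_APPLICATIONS but not SELF_ACCESS_OPENID_CONNECT, which is still granted directly and through SELF_USER_ENTITLEMENT_GROUP.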
