An entitlement agent grants an entitlement to a user when criteria are met. You must create and configure one of the following entitlement agents for use with the preconfigured entitlements in the SAP User Management Fan-Out driver.
Role-Based Entitlements (RBE):
Manages entitlements based on the events that occur in the Identity Vault. It is used for simple automation. For example, when a user is added to the HR system, the user is automatically granted accounts in other systems. This requires an Entitlements driver created with policies that define the desired action. For instructions, see the Checklist for Implementing Entitlements
in the Identity Manager 3.6.1 Driver for Role-Based Entitlements: Implementation Guide.
Workflow: Manages entitlements through provisioning workflows. It is used when approvals are required. For example, when a user is added to the HR system, the manager must approve the accounts for the user. This requires a workflow that contains the desired actions. For instructions, see “Configuring and Managing Provisioning Workflows”.
Roles Based Provisioning Module (RBPM):
Manages entitlements based on roles that are assigned to users. For example, when a user is added to the Accounting role, the user automatically receives all accounts associated with the Accounting role. This requires that the Roles Based Provisioning Module be installed and configured for roles. For installation instructions, see the Installation Checklist
for the Roles Based Provisioning Module.
If you are using the fan-out configuration of the driver, the RBPM is the only supported entitlement agent.