This is the draft preview of version 3.1 for the Federal Identity, Credential, and Access Management architecture.
3. Manage the Entitlements Lifecycle
You can assign access entitlements to individuals, roles, and groups. These entitlements define an employee or contractor’s access to agency services, so you’ll need to assign entitlements before an employee or contractor can access an agency service.
In this use case, an administrator needs to assign entitlements to an employee or contractor.
|1. Initiate the request
||An individual requests entitlements, or joins a team with specific access requirements.
This individual may be the employee or contractor, their supervisor, HR, or a security team member.
|2. Review the request
|| The administrator compares the employee or contractor’s requested entitlements with the relevant access requirements.
If the employee or contractor qualifies for the requested entitlements and has a mission need for access, the administrator approves the request.
|3. Assign the entitlements
|| The administrator assigns the entitlements to the employee or contractor.
Any time the employee or contractor’s role or relationship changes, the administrator updates the entitlements accordingly, including removing entitlements as needed.
- I want to indicate that an employee or contractor requires and is allowed access to an agency service, so that they can access the service when needed.
- An employee is hired to be part of the financial review team and requires access to financial applications. The employee may have a specific role assigned to their enterprise identity record.