Entity Discovery

Overview

BalkanID allows you to quickly view entitlement data across multiple systems mapped to the employees or service accounts owners. You can view the information about the following:

• Applications - You can view a list of all applications that you have integrated with your BalkanID tenant. Refer to Application page for entitlement discovery to understand its usage for entitlement discovery.

• Connections - You can view a list of all connections extracted from various applications. Refer to Connection page for entitlement discovery to understand its usage for entitlement discovery.

• Identities - You can use this page to see a list of all application identities that have been extracted from various applications that was integrated into your BalkanID tenant. Refer to Identities page for entitlement discovery to understand its usage for entitlement discovery.

• Resources - You can use this page to see a list of all application resources that have been extracted from various applications that was integrated into your BalkanID tenant. Refer to Resources page for entitlement discovery to understand its usage for entitlement discovery.

Filters

You can also use filters to easily view select data. This is a powerful tool to partition and isolate entitlement information to narrow down data based on specific attributes. Each page has its own set of attributes to filter data. Refer to Working with Filters to get a better understanding of how you can use filters to maximise your entitlement discovery capabilities.

Glossary for entity extraction

1. Identity: This represents a user or service account in your system. Identities are extracted directly from your application integrations. They could be individual users, customer profiles, or different types of accounts, each with specific access rights.

2. Resource: Resources are the assets or services that users can access. These are also extracted from your application integrations. Resources can include anything from documents, databases, or reports to specific features in your app. For instance, a resource could be a premium feature, a cloud storage space, or an API service that users have permission to use.

3. Connection: A connection represents the access provider for a user (identity) to a resource. These connections are derived from the entitlements granted through the application integrations. For example, a user gains access to admin resources as a virtue of being in an admin role. Here the "admin" role serves the purpose of a connection.

4. Insight: Unlike identities, resources, and connections—which are directly extracted from your application integrations—insights are generated based on our analysis of your data. Insights provide valuable, actionable information about how resources are being accessed. These insights are not directly pulled from your integrations but are created through analysis of the relationships and data captured by the other entities.

Entities description:

In our system, the Entities are used to represent identities, resources, connections, etc. The data extracted from your application integrations are organized into entity types such as identity, resource, connection, insight. Entities are flexible and can be extended in the future as new requirements and use cases emerge (for instance: even logs can be entities).

Understanding Entities