Entitlements Discovery
BalkanID lets you quickly view entitlement data across multiple systems, mapped to the employees or service account owners. You can view the following:
- You can view a list of all applications that you have integrated with your BalkanID tenant. Refer to to understand its usage for entitlement discovery.
- You can view a list of all connections extracted from various applications. Refer to to understand its usage for entitlement discovery.
- You can use this page to see a list of all application identities that have been extracted from the various applications that were integrated into your BalkanID tenant. Refer to to understand its usage for entitlement discovery.
- You can use this page to see a list of all application resources that have been extracted from the various applications that were integrated into your BalkanID tenant. Refer to to understand its usage for entitlement discovery.

| Field | Requirement | Description |
| --- | --- | --- |
| Project | optional | This is the “project”-level data of the organization in your application. This can be a GitHub organization, Slack organization, AWS account number, Azure directory, Google domain, Okta Site URL, etc. In the sample CSV, this is a GitHub organization “balkanid”. While optional, it is recommended that you provide a Project value. If not provided, the Project value is set to “default”. |
| Privilege Name | required | This represents the name of the action/permission/entitlement a user has on a particular resource. These are typically actions that can be taken on a resource. |
| Privilege Value | required | This is a boolean value assigned to the privilege name. In most cases, this will be “true”, meaning that the user has the mentioned privilege. “false” indicates that the user does not have the mentioned privilege. |
| Connection | optional, required if Connection Type is present | Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to a resource (identified by Resource and Resource Type). If there is no Connection present, it implies that the user has a direct privilege over the resource. |
| Connection Type | optional, required if Connection is present | Connection Type describes the type of the Connection to a resource. Typical connection types are “role”, “policy”, “group”, but can include others depending on your application's authorization structure. If there is no Connection Type present, it implies that the user has a direct privilege over the resource. |
| Resource | optional, required if Resource Type is present | This field represents the resource that the user has access to. |
| Resource Type | optional, required if Resource is present | This field represents a resource type that groups resources in your application. This can be a GitHub repository/organization/application, AWS service, a Slack channel, etc. |
| Identity | required | This field represents the application identity extracted from the application. For example, your GitHub username may not be the same as your actual name, so your username is an identity. |

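
The field rules above can be checked before entitlement data is handed to BalkanID. The following Python validator is an added example, not BalkanID code; it assumes the CSV header names match the field names listed above, and the sample rows are constructed for illustration.

```python
import csv
import io

# Assumption: CSV header names match the field names documented above.
REQUIRED = ("Identity", "Privilege Name", "Privilege Value")
PAIRED = (("Connection", "Connection Type"), ("Resource", "Resource Type"))


def validate_rows(csv_text):
    """Return (rows, errors): normalized rows plus (line_no, message) problems."""
    rows, errors = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, raw in enumerate(reader, start=2):  # line 1 is the header
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        problems = [f"{f} is required" for f in REQUIRED if not row.get(f)]
        for a, b in PAIRED:
            # Each pair is "required if the other is present".
            if bool(row.get(a)) != bool(row.get(b)):
                problems.append(f"{a} and {b} must be provided together")
        value = row.get("Privilege Value", "").lower()
        if value and value not in ("true", "false"):
            problems.append("Privilege Value must be true or false")
        if problems:
            errors.extend((line_no, p) for p in problems)
            continue
        row["Project"] = row.get("Project") or "default"
        row["Privilege Value"] = value == "true"
        # No Connection means the identity holds the privilege directly.
        row["Direct"] = not row.get("Connection")
        rows.append(row)
    return rows, errors


# Constructed sample data, not taken from BalkanID's sample CSV.
SAMPLE = """Project,Identity,Privilege Name,Privilege Value,Connection,Connection Type,Resource,Resource Type
balkanid,octo-dev,push,true,maintainers,group,api-server,repository
,svc-deploy,admin,true,,,api-server,repository
balkanid,octo-dev,pull,yes,,,docs,repository
balkanid,octo-ops,admin,true,owners,,api-server,
"""

if __name__ == "__main__":
    good, bad = validate_rows(SAMPLE)
    for r in good:
        how = "direct" if r["Direct"] else "via " + r["Connection"]
        print(r["Project"], r["Identity"], r["Privilege Name"], how)
    for line_no, msg in bad:
        print(f"line {line_no}: {msg}")
```

Rows flagged as direct privileges (no Connection) are worth reviewing first, since they are not governed by a role, policy or group.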
You can also use filters to view selected data. Filters partition and isolate entitlement information so that you can narrow the data down by specific attributes. Each page has its own set of attributes to filter data. Refer to to get a better understanding of how you can use filters to maximise your entitlement discovery capabilities.
Utilizing in BalkanID for entitlement discovery is a powerful tool. Insights include , (Early Access), and Privileged Identities. For more information on these insights and how to utilize them please refer to - .