To enable the requesting of, for example, a password for an asset account or a session for the accounts and assets in the Privileged Account Management system, users require the necessary entitlements. To simplify the administration, user accounts can be grouped into user groups. Through the user groups, user accounts receive the entitlements for requesting passwords or sessions.
In One Identity Manager, you can assign the user groups directly to the user accounts, or they can be inherited through departments, cost centers, locations, or business roles. Users can also request the user groups through the Web Portal. To do this, the user groups are provided in the IT Shop.
The assignment of entitlements to user groups is not performed in One Identity Manager but in the Privileged Account Management.