Release Notes

List Identity Entitlements

Retrieve all entitlements (roles, groups, permissions) assigned to a specific identity

Endpoint

GET /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:list_entitlements

Description

Returns all groups, roles, and Access Profiles assigned to an identity across connected applications. This includes the identity's direct group memberships, role assignments, and Veza Access Profile memberships discovered in the Access Graph.

The identity_entity_id query parameter is required - use the entity_id from the identity (e.g., 00u2clxic15YZbO9R0h8), not the identity's UUID.

Example Response
{
  "values": [
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "d14d85e9-342a-4670-b5ec-ae318b2ffbf6",
      "provider_external_id": "veza-internal",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "VezaAccessProfile",
      "entity_id": "be6dd1f5-9753-4896-8d80-cb9d7640f139",
      "entity_name": "AD Developers",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    },
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "39ebe93a-4873-4173-ac0c-a1236fbd312f",
      "provider_external_id": "sigmacorpx.oktapreview.com",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "OktaGroup",
      "entity_id": "00g23a1fjtgDOVCgm0h8",
      "entity_name": "AI Team",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    },
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "b436cdcc-79a1-4b3b-b04f-a6923241244b",
      "provider_external_id": "f487d4ab-e9b3-4afb-a93c-775907c9e155",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "AzureADGroup",
      "entity_id": "e36aefe5-3e9a-4161-b7cd-a77fd61ccc69",
      "entity_name": "All Company",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    },
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "b436cdcc-79a1-4b3b-b04f-a6923241244b",
      "provider_external_id": "f487d4ab-e9b3-4afb-a93c-775907c9e155",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "AzureADRole",
      "entity_id": "6fb1defc-5c29-4153-a082-c9b3b3bda918",
      "entity_name": "Helpdesk Administrator",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    },
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "39ebe93a-4873-4173-ac0c-a1236fbd312f",
      "provider_external_id": "sigmacorpx.oktapreview.com",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "OktaGroup",
      "entity_id": "00g17pcjcszZ250yb0h8",
      "entity_name": "Employees",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    },
    {
      "policy_id": "bc11e591-e607-4af8-bcfb-329d7d6d3c7a",
      "policy_identity_id": "01986129-fa4a-7d9e-b867-7e1b0526ae0f",
      "lifecycle_management_datasource_id": "d14d85e9-342a-4670-b5ec-ae318b2ffbf6",
      "provider_external_id": "veza-internal",
      "local_user_entity_type": "OAA.UKG.HRISEmployee",
      "local_user_entity_id": "custom_provider:hris:0f50fc99-4576-4745-8d16-05b7a5699488:type:UKG:employee:[email protected]",
      "entity_type": "VezaAccessProfile",
      "entity_id": "6c27362b-f96c-4ac6-af52-c151600d0a3f",
      "entity_name": "Okta All Employee Access",
      "lifecycle_management_enabled": true,
      "created_from": "OTHER",
      "sync_relationship": null
    }
  ]
}

API Reference

List Identity Entitlements

get

Returns all entitlements assigned to an identity managed by Lifecycle Management Policy, including any group membership, role assignment, or access profile discovered in the Access Graph.

Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
policy_idstringRequired

The UUID of the LCM policy

idstringRequired

UUID of the identity (within the LCM policy)

Query parameters
identity_entity_idstringOptional

The entity_id from the identity (e.g., Okta user ID). Required to filter entitlements for this specific user.

Responses
200

OK

application/json
get
/api/private/lifecycle_management/policies/{policy_id}/identities/{id}:list_entitlements
PreviousGet IdentityNextSCIM Provisioning

Last updated

Was this helpful?