LogoLogo
  • Platform Overview
  • 🗺️Guides
    • Getting Started
    • Users
      • Integrate the User SDK
      • Registration
      • Authentication
      • SDK Releases
      • API Reference
    • Entitlements
      • Administrative API
        • Integrating the Administrative API
        • Entitlement Definitions
        • Managing Entitlements Sets
        • Managing Entitlements Sequences
        • Managing User Entitlements
        • API Schema
      • End-user API
        • Integrate the Entitlements SDK
        • Redeeming Entitlements
        • Retrieving Entitlements
        • SDK Releases
        • API Reference
    • Sudos
      • Integrate the Sudo Profiles SDK
      • Sudo Entitlements
      • Manage Sudos
      • SDK Releases
      • API Reference
    • Telephony
      • Integrate the Telephony SDK
      • Manage Phone Numbers
      • Text Messaging
      • Voice Calling
      • Telephony Simulator
      • SDK Releases
      • API Reference
    • Email
      • Integrate the Email SDK
      • Email Entitlements
      • Manage Email Addresses
      • Sending & Receiving Email
      • Manage Email Folders
      • Draft Email Messages
      • Manage Email Address Blocklists
      • Email Address Public Information
      • Pagination
      • Caching
      • Configuration Data
      • Email Notifications
      • SDK Releases
      • API Reference
    • Decentralized Identity
      • Edge Agent
        • Relay SDK
          • Integrate the Relay SDK
          • Relay Entitlements
          • Manage Relay Postboxes
          • Manage Relay Messages
          • Receiving Messages
          • SDK Releases
        • Edge Agent SDK
          • Integrate the Edge Agent SDK
          • Agent Management
          • Manage Wallets
          • Establishing Connections
          • Manage Connections
          • Messaging
          • Manage DIDs
          • Accepting New Credentials
          • Manage Credentials
          • Present Credentials for Verification
          • Utilize Alternative Cryptography Providers
          • SDK Releases
          • Standards and Protocols
      • Cloud Agent
        • Cloud Agent Admin API
          • Integrate the Cloud Agent Admin API
          • Aries Interop Profile (AIP)
            • Connection Exchanges
            • Credential Exchanges
            • Proof Exchanges
          • Connections
          • Basic Messages
          • Credentials
            • Anoncreds Credentials
              • Schemas
              • Credential Definitions
            • W3C Credentials
          • Audit Logs
          • API Schema
          • Error Codes
          • Standards and Protocols
    • Virtual Cards
      • Integrate the Virtual Cards SDK
      • Virtual Cards Entitlements
      • Virtual Cards Transaction Velocity Constraints
      • Key Management
      • Manage Funding Sources
      • Manage Virtual Cards
      • Manage Transactions
      • Configuration Data
      • Pagination
      • Caching
      • SDK Releases
      • API Reference
    • Virtual Cards Simulator
      • Integrate the Virtual Cards Simulator SDK
      • Simulate Authorizations
      • Simulate Debits
      • Simulate Refunds
      • Simulate Reversals
      • Merchants and Currencies
      • SDK Releases
      • API Reference
    • Virtual Private Network
      • Integrate the VPN SDK
      • VPN Entitlements
      • Manage Servers
      • Manage Connection
      • Observe VPN Related Events
      • SDK Releases
      • API Reference
      • Frequently Asked Questions
    • Secure ID Verification
      • Integrate the Secure ID Verification SDK
      • List Supported Countries
      • Verify an Identity
      • Check Secure ID Verification Status
      • Use the Secure ID Verification Simulator
      • SDK Releases
      • API Reference
    • Password Manager
      • Integrate the Password Manager SDK
      • Accessing the Password Manager
      • Managing Password Vaults
      • Managing Password Vault Items
      • Vault Import and Export
      • Password Utilities
      • Password Manager Entitlements
      • Password Vault Security
      • SDK Releases
      • API Reference
    • Ad/Tracker Blocker
      • Integrate the Ad/Tracker Blocker SDK
      • Manage Rulesets
      • Blocking Ads and Trackers
      • Manage Exceptions
      • SDK Releases
      • API Reference
    • Site Reputation
      • Integrate the Site Reputation SDK
      • Use the Site Reputation SDK
      • SDK Releases
      • API Reference
  • 💡Concepts
    • Sudo Digital Identities
  • 🧱Development
    • Versioning
  • 🏢Administration
    • Admin Console Roles
  • ❓Get Help
    • Request a Demo
    • Report an Issue
Powered by GitBook
On this page
  • Entitlement Types
  • Entitlements Sets
  • Entitlements Sequences
  • Federated Single Sign-on Registration
  • Private Key Registration
  • Next Steps
  1. Guides

Entitlements

Managing consumption of Sudo capabilities

The Sudo Platform entitlements service enables you to manage your users' consumption of Sudo capabilities.

An entitlement specifies how much of a Sudo capability a user is entitled to consume. For example, the maximum number of phone numbers able to be allocated simultaneously to a Sudo.

Entitlements are assigned to users either directly or indirectly by entitlements set.

An entitlements set is a collection of entitlements that can be assigned to many users. Changing the entitlements assigned to an entitlements set, changes the entitlements for all users assigned to that entitlements set.

Entitlements sets can also be assigned either directly to each user or indirectly by entitlements sequence.

An entitlements sequence describes a time based sequence of transitions from an initial entitlements set, through other entitlements sets at defined intervals.

Entitlement Types

Sudo Platform services define two classes of entitlements: Boolean entitlements and numeric entitlements.

Boolean entitlements represent an overall capability to access a service or feature of a service.

Numeric entitlements represent a limit on some resource that a user may consume. Numeric entitlements may either be expendable or not.

Expendable entitlements, once consumed, can never be recovered and are used to entitle operations that incur fees each time they are performed. Payment of the fee would be represented by increasing the expendable entitlement, performing the operation then consumed the entitlement.

Non-expendable entitlements can be recovered by the user deleting or cancelling instances of the resource they correspond to.

Entitlements Sets

Entitlements are managed by integrating with your organization's existing entitlements system and defined as groups of entitlements called Entitlements Sets.

An entitlements set typically corresponds to a product subscription level and specifies all of the entitlements conferred to a user at that subscription level.

Entitlements sets can be changed to increase, decrease, add or remove entitlements for existing users entitled by that entitlements set allowing easy broad changes to entitlements across all of your users.

Entitlements can also be managed on a per-user basis, allowing for fine grained control of entitlements available to individual users.

Whether you manage user entitlements by direct specification of individual users' entitlements or by entitlements sets or both will depend on your existing product entitlement system, if any, and how your users will initially register to the Sudo Platform.

Entitlements Sequences

Entitlements sequences describe a sequence of transitions from one entitlements set to another after specific periods of time. They can be used to model product subscriptions. For example, failure to renew a subscription after a certain amount of time may result in transition to an entitlements set with reduced entitlements. Each user records a timestamp from which entitlements set transitions are calculated, updating this timestamp on subscription renewal extends the time a user would remain entitled by the initial entitlements set in the sequence.

Federated Single Sign-on Registration

If your users will register with Federated Single Sign-on, you will be able to configure a mapping from claims in the token issued by your identity provider to an initial entitlements set or sequence to allow for automatic entitlement of your users on first sign-on.

Private Key Registration

Next Steps

PreviousAPI ReferenceNextAdministrative API

Last updated 7 months ago

Contact to enable the appropriate mapping for your identity provider.

The initial establishment of entitlements in a federated single sign-on registration is performed by the client application calling the API.

If you are unable to include a claim that can map to initial entitlements set during Federated Single Sign-on then entitlements must be pre-defined for each user. The API must still be called to establish the mapping between your users and Sudo Platform users in the Sudo Platform entitlements system.

Contact to enable entitlements for users registering by private key.

Integrate the Entitlements SDK into your , and applications

Integrate the with your own entitlements system

Learn more about and other core concepts

🗺️
support@sudoplatform.com
redeemEntitlements
redeemEntitlements
support@sudoplatform.com
Administrative API
Sudo digital identities
JavaScript
iOS
Android