Managing consumption of Sudo capabilities
The Sudo Platform entitlements service enables you to manage your users' consumption of Sudo capabilities.
An entitlement specifies how much of a Sudo capability a user is entitled to consume. For example, the maximum number of phone numbers able to be allocated simultaneously to a Sudo.
Entitlements are assigned to users either directly or indirectly by entitlements set.
An entitlements set is a collection of entitlements that can be assigned to many users. Changing the entitlements assigned to an entitlements set, changes the entitlements for all users assigned to that entitlements set.
Entitlements sets can also be assigned either directly to each user or indirectly by entitlements sequence.
An entitlements sequence describes a time based sequence of transitions from an initial entitlements set, through other entitlements sets at defined intervals.
Sudo Platform services define two classes of entitlements: Boolean entitlements and numeric entitlements.
Boolean entitlements represent an overall capability to access a service or feature of a service.
Numeric entitlements represent a limit on some resource that a user may consume. Numeric entitlements may either be expendable or not.
Expendable entitlements, once consumed, can never be recovered and are used to entitle operations that incur fees each time they are performed. Payment of the fee would be represented by increasing the expendable entitlement, performing the operation then consumed the entitlement.
Non-expendable entitlements can be recovered by the user deleting or cancelling instances of the resource they correspond to.
Entitlements are managed by integrating with your organization's existing entitlements system and defined as groups of entitlements called Entitlements Sets.
An entitlements set typically corresponds to a product subscription level and specifies all of the entitlements conferred to a user at that subscription level.
Entitlements sets can be changed to increase, decrease, add or remove entitlements for existing users entitled by that entitlements set allowing easy broad changes to entitlements across all of your users.
Entitlements can also be managed on a per-user basis, allowing for fine grained control of entitlements available to individual users.
Whether you manage user entitlements by direct specification of individual users' entitlements or by entitlements sets or both will depend on your existing product entitlement system, if any, and how your users will initially register to the Sudo Platform.
Entitlements sequences describe a sequence of transitions from one entitlements set to another after specific periods of time. They can be used to model product subscriptions. For example, failure to renew a subscription after a certain amount of time may result in transition to an entitlements set with reduced entitlements. Each user records a timestamp from which entitlements set transitions are calculated, updating this timestamp on subscription renewal extends the time a user would remain entitled by the initial entitlements set in the sequence.
If your users will register with Federated Single Sign-on, you will be able to configure a mapping from claims in the token issued by your identity provider to an initial entitlements set or sequence to allow for automatic entitlement of your users on first sign-on.
The initial establishment of entitlements in a federated single sign-on registration is performed by the client application calling the
If you are unable to include a claim that can map to initial entitlements set during Federated Single Sign-on then entitlements must be pre-defined for each user. The
redeemEntitlementsAPI must still be called to establish the mapping between your users and Sudo Platform users in the Sudo Platform entitlements system.