You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# View, add, and remove assignments for an access package in entitlement management
24
24
25
-
In entitlement management, you can see who has been assigned to access packages, their policy, and status. If an access package has an appropriate policy, you can also directly assign user to an access package. This article describes how to view, add, and remove assignments for access packages.
25
+
In entitlement management, you can see who has been assigned to access packages, their policy, status, and user lifecycle (preview). If an access package has an appropriate policy, you can also directly assign user to an access package. This article describes how to view, add, and remove assignments for access packages.
26
26
27
27
## Prerequisites
28
28
29
29
To use entitlement management and assign users to access packages, you must have one of the following licenses:
30
30
31
31
32
-
-Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
Entitlement management also allows you to get visibility into state of a guest user's lifecycle through the following viewpoints:
195
+
196
+
-**Governed** - The user is set to be governed.
197
+
-**Ungoverned** - The user is set to not be governed.
198
+
-**Blank** - The lifecycle for the user is not determined. This happens when a user had an access package assigned before managing user lifecycle was possible.
199
+
200
+
> [!NOTE]
201
+
> When a guest user is set as **Governed**, based on ELM tenant settings their account will be deleted or disabled in specified days after their last access package assignment expires. Learn more about ELM settings here: [Manage external access with Azure Active Directory entitlement management](../fundamentals/6-secure-access-entitlement-managment.md).
202
+
203
+
You can directly convert ungoverned users to governed by using the **Mark Guests as Governed ( preview)** functionality in the top menu bar.
204
+
205
+
To manage user lifecycle, you'd follow these steps:
206
+
207
+
**Prerequisite role:** Global administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
208
+
209
+
1. In the Azure portal, select **Azure Active Directory** and then select **Identity Governance**.
210
+
211
+
1. In the left menu, select **Access packages** and then open the access package.
212
+
213
+
1. In the left menu, select **Assignments**.
214
+
215
+
1. On the assignments screen, select the user you want to manage the lifecycle for, and then select **Mark guest as governed (Preview)**.
216
+
:::image type="content" source="media/entitlement-management-access-package-assignments/govern-user-lifecycle.png" alt-text="Screenshot of the govern user lifecycle selection.":::
217
+
1. Select save.
218
+
219
+
## Manage user lifecycle programmatically
220
+
221
+
To manage user lifecycle programatically using Microsoft Graph, see: [accessPackageSubject resource type](/graph/api/resources/accesspackagesubject).
222
+
191
223
## Remove an assignment
192
224
193
225
You can remove an assignment that a user or an administrator had previously requested.
0 commit comments