# Access Provisioning

Access provisioning capabilities are at the heart of **Okta Orchestrator**. We use the concept of [**Access Entities**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities) to describe a bundle of one or more applications to which a user can request access. The Access Entity record contains information about the access it imparts as well as the behavior of that access.

There are 2 ways in which a user can be granted an [**Access Entity**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities):

1. Via request through the [**Okta Service Catalog**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/okta-service-catalog) items
2. Via [**Access Rules**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-rules)

{% hint style="info" %}
You can always check which users have access to which [**Access Entities**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities) by visiting **Okta Orchestrator -> Access -> Access Entity Assignments** in the left nav.
{% endhint %}