Programmable model-driven license management and enforcement in a multi-tenant system

What is claimed is: 1. A method, comprising: receiving, by a device and over a computer network, license data associated with a plurality of licenses related to an organization of a multi-tenant system; determining, by the device and based on the license data, entitlements associated with the plurality of licenses, roles of users, and capabilities associated with the roles; receiving, by the device, a request from a particular user of the multi-tenant system; authorizing, by the device, the particular user based on a mapping of the entitlements and the capabilities, wherein the authorizing comprises: determining first capabilities associated with a particular role associated with the particular user; determining second capabilities associated with particular entitlements associated with the particular user; and providing, based on determining whether the first capabilities and the second capabilities match, an authorization response; processing, by the device and based on using a machine learning model, usage of the entitlements to predict future usage of the entitlements; and providing, by the device and based on the predicted future usage, an entitlement recommendation. 2. The method of claim 1 , wherein the license data identifies device licenses and organization licenses related to the organization. 3. The method of claim 1 , wherein authorizing the particular user comprises: generating an authentication token based on particular capabilities associated with a role of the particular user; and authorizing an application programming interface call based on validating the authentication token. 4. The method of claim 3 , wherein the application programming interface call is made by a particular device associated with the particular user to the multi-tenant system. 5. The method of claim 1 , further comprising: receiving a request for utilizing the multi-tenant system; determining whether a license quota associated with a particular capability associated with the request is satisfied; and generating a response to the request based on whether the license quota is satisfied. 6. The method of claim 1 , further comprising: determining an entitlement count of the entitlements; and subtracting a quantity of one or more expired entitlements from the entitlement count. 7. A device, comprising: one or more memories; and one or more processors, coupled to the one or more memories, to: receive, over a computer network, license data associated with a plurality of licenses related to an organization of a multi-tenant system; determine, based on the license data, entitlements associated with the plurality of licenses, roles of users, and capabilities associated with the roles; receive a request from a particular user of the multi-tenant system; authorize, based on a mapping of the entitlements and the capabilities, the particular user, wherein the authorizing comprises: determining first capabilities associated with a particular role associated with the particular user; determining second capabilities associated with particular entitlements associated with the particular user; and providing, based on determining whether the first capabilities and the second capabilities match, an authorization response; process, by the device and based on using a machine learning model, usage of the entitlements to predict future usage of the entitlements; and provide, based on the predicted future usage, an entitlement recommendation. 8. The device of claim 7 , wherein the license data identifies device licenses and organization licenses related to the organization. 9. The device of claim 7 , wherein the one or more processors, to authorize the particular user, are to: generate an authentication token based on particular capabilities associated with a role of the particular user; and authorize an application programming interface call based on validating the authentication token. 10. The device of claim 9 , wherein the application programming interface call is made by a particular device associated with the particular user to the multi-tenant system. 11. The device of claim 7 , wherein the one or more processors are further to: receive a request for utilizing the multi-tenant system; determine whether a license quota associated with a particular capability associated with the request is satisfied; and generate a response to the request based on whether the license quota is satisfied. 12. The device of claim 7 , wherein the one or more processors are further to: determine an entitlement count of the entitlements; and subtract a quantity of one or more expired entitlements from the entitlement count. 13. A non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to: receive, over a computer network, license data associated with a plurality of licenses related to an organization of a multi-tenant system; determine, based on the license data, entitlements associated with the plurality of licenses, roles of users, and capabilities associated with the roles; receive a request from a particular user of the multi-tenant system; determine first capabilities associated with a particular role associated with the particular user; determine second capabilities associated with particular entitlements associated with the particular user; provide, based on determining whether the first capabilities and the second capabilities match, an authorization response, wherein the authorization response is further based on a mapping of the entitlements; process, by the device and based on using a machine learning model, usage of the entitlements to predict future usage of the entitlements; and provide, based on the predicted future usage, an entitlement recommendation. 14. The non-transitory computer-readable medium of claim 13 , wherein the license data identifies device licenses and organization licenses related to the organization. 15. The non-transitory computer-readable medium of claim 13 , wherein the one or more instructions, that cause the device to authorize the particular user, further cause the device to: generate an authentication token based on particular capabilities associated with a role of the particular user; and authorize an application programming interface call based on validating the authentication token. 16. The non-transitory computer-readable medium of claim 15 , wherein the application programming interface call is made by a particular device associated with the particular user to the multi-tenant system. 17. The non-transitory computer-readable medium of claim 13 , wherein the one or more instructions further cause the device to: receive a request for utilizing the multi-tenant system; determine whether a license quota associated with a particular capability associated with the request is satisfied; and generate a response to the request based on whether the license quota is satisfied. 18. The method of claim 1 , further comprising: providing an authorization code. 19. The device of claim 7 , wherein the one or more processors are further to: provide an authorization code. 20. The non-transitory computer-readable medium of claim 13 , wherein the one or more instructions further cause the device to: provide an authorization code.