Skip to end of banner
Go to start of banner

Account Inbox Overview

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Because of the key role of Person objects in EmpowerID, the process by which EmpowerID joins inventoried accounts to these objects is foundational to how EmpowerID manages your user identities. As was mentioned in the Understanding Inventory topic, when EmpowerID inventories a resource system with user accounts, it does more than just write a copy of those user accounts to a table in the EmpowerID metadirectory. It evaluates those accounts to determine whether or not they are owned by users, and based on that evaluation it does one of the following three things:

  • It ignores them;
  • It joins them to existing EmpowerID Persons;
  • It provisions new EmpowerID Persons, joining those new Persons to the accounts.

AccountInboxing_GetJoinFilter

This function specifies which accounts can be joined to People. To be joined, accounts must meet the criteria specified by the function AS WELL AS the filter specified in the AccountInboxing_GetJoinAndProvisionFilter function. The default logic for this function states that all inventoried accounts are eligible for joining. If the value of AllowJoin was set to 0, no accounts would be eligible.


DECLARE @JoinFilter NVARCHAR(MAX) = N'A.AllowJoin = 1' AND A.AccountStoreID = 1002

This function can be customized to filter or exclude accounts from being targets for joining to People. For example, if you wanted only those accounts in a specific account store to be eligible targets for joining, you could alter the function in the following way:


AccountInboxing_GetProvisionFilter

This function specifies the accounts from which Persons can be provisioned. To be provisioned, accounts must meet the criteria specified the function AS WELL AS the filter specified in the AccountInboxing_GetJoinAndProvisionFilter function. The default logic for this function states that Persons can be provisioned from an accounts store when AllowPersonProvisioning is set to true on the account store from which the account originates.

DECLARE @ProvisionFilter NVARCHAR(MAX) =
    N'A.AllowProvision = 1 AND EXISTS(SELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1)'

This function can be customized to filter or exclude accounts within an eligible account store from being targets for provisioning new Persons. For example, if you wanted only those accounts with a Department value of Sales to be eligible targets for provisioning new Persons, you could alter the function in the following way:

DECLARE @ProvisionFilter NVARCHAR(MAX) =
    N'A.AllowProvision = 1 AND EXISTS(SELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1 AND A.Department = N''Sales'')'

AccountInboxing_GetJoinAndProvisionFilter

This function specifies logic that the above two functions, AccountInboxing_GetJoinFilter and AccountInboxing_GetProvisionFilter, could have in common. This prevents duplicating this logic in the other two functions. To be joined or used to provision new Persons, accounts must meet the criteria specified by the function AS WELL AS the filters specified in the AccountInboxing_GetJoinFilter function (for joining) and the AccountInboxing_GetProvisionFilter function (for provisioning). The default logic for this function ensures that for joining or provisioning, an account must meet the following criteria:

  • The account is not currently owned by a Person (The account's PersonID field IS NULL)
  • The account is active (The account's Disabled and Deleted fields are 0)
  • The account is not an Active Directory contact account or a non-personal account (The AccountTypeID field is not equal to 2 and the AccountUsageTypeIDequals 1.
  • The account has valid FirstName and LastName values (The length of each field is greater than 0)

DECLARE @JoinAndProvisionFilter NVARCHAR(MAX) = N'A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID <> 2 AND A.AccountUsageTypeID = 1 AND LEN(A.FirstName) > 0 AND LEN(A.LastName) > 0'


This function should be customized in situations where the same filter would be applied to accounts that are both join and provision targets. For example, if you wanted only those accounts with an EmployeeType of Contractor to be targets for joining or provisioning, you could alter the function in the following way:

DECLARE @JoinAndProvisionFilter NVARCHAR(MAX) =
            N'A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID <> 2 AND A.AccountUsageTypeID = 1
            AND LEN(A.FirstName) > 0 AND LEN(A.LastName) > 0 AND A.EmployeeType = ''Contractor''


  • No labels