...
Some systems, such as Microsoft Azure AD and Teams, support the assignment of Accounts as Owners of the group within the Account Store. EmpowerID inventories this information and records changes in the GroupOwnerAccount and GroupOwnerAccountHistory tables respectively.
In addition to reporting on this information and tracking changes, EmpowerID includes a full set of workflows allowing delegated admins and end-users to manage members, owners, and to request access. These are a single set of workflows and user interfaces that work for all Account Store connectors that have implemented group membership functionality. As mentioned previously, the workflows operate against the Group and GroupAccount component API objects, and live changes are made based on the connector implementation of the Account Store Identity entry for that Security Boundary Type. The same connector code is called live from interactive workflows and in background processes and jobs which enforce the result of calculated policy-based access.
