Versions Compared

Old Version 3

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 4

changes.mady.by.user Dhiraj Kumar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID is built on an Identity Warehouse model in which Person objects represent each human being that could log in or be managed by the system. And those Person objects can have or own any number of user accounts in any number of external systems. These user accounts are linked or joined to their respective Person objects via a process known as the “Account Inbox.” The Account Inbox processes user accounts discovered during inventory to determine whether those accounts should be joined to an existing Person object or used as the basis for provisioning new Person objects.

What is the Account Inbox?

The Account Inbox is simply a view of the Account table

and

that utilizes status fields to determine

if the account has been processed and belongs to a person.The Account Inbox Bulk

how user accounts should be processed. In doing so, it asks the following questions:

  • Does the account already belong to a Person?

  • Has the account already been processed and what is the status of that processing? Does it need to be reprocessed?

If the PersonID field of the Account table for any given account is NULL, then that account is considered to be an orpan account. The Account Inbox workflow claims orphan accounts in batches to determine if they can be joined to an existing person, provisioned to a new person, or ignored.

  • Image Modified


    Image Modified

Account Inbox Prerequisites

  • At least one EmpowerID Worker role container must have a role with the Permanent Workflow Job/Role enabled

  • The Account Inbox permanent workflow must be enabled.

Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<article>\r\n <div class=\"cont\">\r\n <h3>About the Account Inbox</h3>\r\n </div>\r\n <audio controls>\r\n <source src=\"https://docs.empowerid.com/assets/audio/AccountInbox.wav\" type=\"audio/wav\">\r\n</audio>\r\n \r\n</article>\r\n","javascript":"","css":"@import 'https://fonts.googleapis.com/css?family=Lato';\r\n\r\n\r\nbody {\r\n\t\r\n\tfont-family: 'Lato';\r\n}\r\n\r\narticle{\r\n\tbackground: #343436;\r\n\twidth: 80%;\r\n\ttext-align: center;\r\n\tpadding: 30px 5%;\r\n\tbox-sizing: border-box;\r\n\tbox-shadow: 0 0 21px 0px rgba(0,0,0,0.3);\r\n\tborder-radius: 10px;\r\n\tmargin-left: 40px;\r\n}\r\n\r\n.cont h3{\r\n\tfont-family: 'Lato';\r\n\tfont-size: 18px;\r\n\tmargin: 0 0 10px 0;\r\n\tcolor: #ccc;\r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n}"}
Account Store Settings Related to the Account Inbox
  • Allow Person Provisioning – Allows or disallows EmpowerID Persons to be created from the user accounts discovered during inventory.
  • Allow Automatic Person Provision on Inventory – This allows EmpowerID to provision EmpowerID people for new accounts discovered during the inventory process if they meet the Provision Rule
  • Allow Automatic Person Join on Inventory – This allows EmpowerID to join newly discovered accounts to people during the inventory process if they meet the Join Rule
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<article>\r\n <div class=\"cont\">\r\n <h3>Related Account Store Settings</h3>\r\n </div>\r\n <audio controls>\r\n <source src=\"https://docs.empowerid.com/assets/audio/AccountStoreSettings.wav\" type=\"audio/wav\">\r\n</audio>\r\n \r\n</article>\r\n","javascript":"","css":"@import 'https://fonts.googleapis.com/css?family=Lato';\r\n\r\n\r\nbody {\r\n\t\r\n\tfont-family: 'Lato';\r\n}\r\n\r\narticle{\r\n\tbackground: #343436;\r\n\twidth: 80%;\r\n\ttext-align: center;\r\n\tpadding: 30px 5%;\r\n\tbox-sizing: border-box;\r\n\tbox-shadow: 0 0 21px 0px rgba(0,0,0,0.3);\r\n\tborder-radius: 10px;\r\n\tmargin-left: 40px;\r\n}\r\n\r\n.cont h3{\r\n\tfont-family: 'Lato';\r\n\tfont-size: 20px;\r\n\tmargin: 0 0 10px 0;\r\n\tcolor: #ccc;\r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n}"}
Account Inbox Permanent Workflow
Image Modified
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<article>\r\n <div class=\"cont\">\r\n <h3>Account Inbox Permanent Workflow</h3>\r\n </div>\r\n <audio controls>\r\n <source src=\"https://docs.empowerid.com/assets/audio/AccountInbox.wav\" type=\"audio/wav\">\r\n</audio>\r\n \r\n</article>\r\n","javascript":"","css":"@import 'https://fonts.googleapis.com/css?family=Lato';\r\n\r\n\r\nbody {\r\n\t\r\n\tfont-family: 'Lato';\r\n}\r\n\r\narticle{\r\n\tbackground: #343436;\r\n\twidth: 80%;\r\n\ttext-align: center;\r\n\tpadding: 30px 5%;\r\n\tbox-sizing: border-box;\r\n\tbox-shadow: 0 0 21px 0px rgba(0,0,0,0.3);\r\n\tborder-radius: 10px;\r\n\tmargin-left: 40px;\r\n}\r\n\r\n.cont h3{\r\n\tfont-family: 'Lato';\r\n\tfont-size: 18px;\r\n\tmargin: 0 0 10px 0;\r\n\tcolor: #ccc;\r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n}"}
Account Inbox Join Rules
With EmpowerID, you can set rules that evaluate the accounts in those directories to determine whether EmpowerID People should be provisioned from those accounts. The logic that determines this is specified by the Join and Provision Rules and the Join and Provision Filters, specified on the Account Inbox Settings page. These settings are grouped on the Account Inbox Settings page, which you can access by navigating to Identity Lifecycle > Settings. 
Rules can be provisioned by different combinations of First Name, Last Name, DOB, Email, EmployeeID, or account attributes. You can write custom SQL logic in the Join by Custom Match field to extend the default options and implement your own logic for join rules. A setting to specify whether joining an inventoried account to an EmpowerID Person is allowed by setting the Join Rule.
An extensive review of the joiner rules and description can be found here https://dotnetworkflow.jira.com/wiki/pages/resumedraft.action?draftId=1446561628.
Image Modified
Image Modified
Account Inbox Provision Rule
The default shipping logic ensures that for provisioning an EmpowerID Person from an inventoried account, the following conditions must be met:
  • Person provisioning is allowed (A.AllowProvision = 1)
  • An account store exists in EmpowerID for an external system
  • Person provisioning is allowed on the account store with the accounts
If the above conditions are met, EmpowerID will provision an EmpowerID Person for each user account in a connected user directory that does not currently have a Person linked to it (based on the Join Filter and rules specified above).
Image Modified
Core Identity Inbox Settings
EmpowerID supports Core Identity, a “master identity” representing one individual who might have one or more professional identity (represented in EmpowerID as a person). Settings can be configured for how the joining of person objects to the corresponding core identity is determined.
Join by First Name and Last Name: Specifies that Person objects be joined to the same core identity when the first name and the last name attributes of the Person objects are the same.
Join by Birth Date and First Name and Last Name: Specifies that Person objects be joined to the same core identity when the Person objects' birth date, first name, and last name attributes are the same.
Join based on this list of comma-separated attributes: In addition to the above join rules, allows you to specify one or more custom Person attributes that must be the same for the Person objects to be joined to the same core identity.
Core Identity Provision Rule: Allows you to write custom provision rule for creating core identities.
Image Modified
New “Proposed” tab to Preview Rule Change Impact Before They Are Saved
Image Modified
 Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue
Please find below the video demo regarding the EmpowerID account inbox. This demo has the references of EmpowerID web interface to locate various settings regarding account inbox process.
...
 Info
Related Docs Topics:
Identity Lifecycle 
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<head>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-KyZXEAg3QhqLMpG8r+8fhAXLRk2vvoC2f3B09zVXn8CA5QIVfZOJ3BCsw2P0p/We\" crossorigin=\"anonymous\">\r\n</head>\r\n<nav aria-label=\"...\">\r\n <ul class=\"pagination justify-content-center\">\r\n <li class=\"page-item\">\r\n <a class=\"page-link\" href=\"https://dotnetworkflow.jira.com/wiki/spaces/EIDIGACore/pages/2387741968/Joiner+Process\" target=\"_top\"> &laquo; &nbsp;&nbsp;Previous</a>\r\n </li>\r\n <li class=\"page-item active\" aria-current=\"page\">\r\n <span class=\"page-link\">Current</span>\r\n </li>\r\n <li class=\"page-item\">\r\n <a class=\"page-link\" href=\"https://dotnetworkflow.jira.com/wiki/spaces/EIDIGACore/pages/2387742115/Birthright+Access\" target=\"_top\"> Next&nbsp;&nbsp; &raquo;</a>\r\n </li>\r\n </ul>\r\n</nav>","javascript":"","css":""}