...
EmpowerID consists of a large number of jobs for very granular processing of different items such as inventory information, attribute flow, group membership, account lockout detection and even license assignment changes and stores that information in its SQL database or Identity Warehouse. Jobs can run across multiple servers in parallel to support even the largest environments. For Azure License Manager, the relevant jobs include:
Inventory
Resource System Inbox Inventory Inbox
License Pool Compiler
License Pool Change Inbox Processor
License Pool Approval Change Inbox Processor
...
On the right side of the image, we see an Azure tenant with users, groups, subscriptions, and license assignment information. We also see the SCIM App Service. On the left, we see our EmpowerID instance — whether it's on-premise or a SaaS instance. EmpowerID is running as Web and Application Server containers hosting inventory jobs that pull pulls the data from Azure and stores it in the appropriate tables of the Identity Warehouse. Users from Azure Active Directory are stored in the Accounts table, groups in the Group table, and the products to which the tenant has subscribed in the AZLocalServiceBundle table. Additionally, detailed information about which users or groups are assigned to which of these subscriptions, as well as which product features of the service plans are enabled or disabled on each of these assignments is stored in the AZAssigneeLocalServiceBundleService table. While the image shows just a few of the tables, it allows you to see the overall flow of how EmpowerID could securely communicate to an Azure App service running in your tenant, using a managed identity to talk to the Graph API to retrieve this information and to store it in the identity warehouse.
...
Resource System Inbox
...
Invnetory Processor
This job claims and processes all the data contained in the AzureJSONInbox table in EmpowerID. This table is populated during inventory and stores inventoried information for all Azure-specific information such as license subscriptions, RBAC entities such as management groups, and information about license assignments. The job has two steps:
...