...
On the right side of the image, we see our Azure tenant and on the left we see our EmpowerID instance—whether it's on premise or a SaaS instance. EmpowerID is running as Web and Application Server containers hosting inventory jobs that pull the data from Azure and stores it in the appropriate tables of the Identity Warehouse. Users from Azure Active Directory are stored in the Accounts table, groups in the Group table, and the products to which the tenant has subscribed in the AZLocalServiceBundle table. Additionally, detailed information about which users or groups are assigned to which of these subscriptions, as well as which of product features of the service plans are enabled or disabled on each of these assignments is stored in the AZAssigneeLocalServiceBundleService table. While the image shows just a few of the tables, it allows you to see the overall flow of how EmpowerID could securely communicate to an Azure App service running in your tenant, using a managed identity to talk to the Graph API to retrieve this information and to store it in the identity warehouse.
When EmpowerID inventories Azure AD, it creates an account in the EmpowerID Identity Warehouse for each Azure AD user account, a group for each Azure AD group, assigns group memberships to users based on their group memberships in Azure. Imported user information can be managed and synchronized with data in any connected back-end user directories.
Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory Azure AD user accounts
Create, Update and Delete Azure AD user accounts
Enable and Disable Azure AD user accounts
Update passwords for Azure AD user accounts
Group Management
Inventory Azure AD groups
Inventory Azure AD group memberships
Create and Delete Azure AD groups
Add and Remove members to and from Azure AD groups
Attribute Flow
Users in Azure AD are inventoried as accounts in EmpowerID, which are then linked EmpowerID Person objects. The below table shows the attribute mappings of Azure AD user attributes to EmpowerID Person attributes.
Azure AD Attribute | Corresponding EmpowerID Attribute | Description |
|---|---|---|
Name | Name | Name of the user |
name.familyName | LastName | Last name of the user |
name.givenName | FirstName | First name of the user |
name.middleName | MiddleName | Middle name of the user |
displayName | FriendlyName | Display Name of the user |
name.honorificSuffix | GenerationalSuffix |
|
title | Title | Title of the user |
email[?(@type=='work')].value | Work email address of the user | |
['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department'] | Department | Department of the user |
['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['EmployeeNumber'] | EmployeeID | Employee ID of the user |
addresses[?(@.type=='work')].streetAddress | StreetAddress | Street address of the user |
addresses[?(@.type=='work')].locality | City | City in which the user resides or works |
addresses[?(@.type=='work')].region | State | State in which the user resides or works |
addresses[?(@.type=='work')].country | Country | Country of the user |
addresses[?(@.type=='work')].postalCode | PostalCode | Postal code of the user |
phoneNumbers[?(@.type=='home')].value | HomeTelephone | Home telephone of the user |
preferredLanguage | PreferredLanguage | Preferred language of the user |
phoneNumbers[?(@.type=='other')].value | Telephone | Telephone number for the person |
phoneNumbers[?(@.type=='fax')].value | Fax | Fax number for the person |