Versions Compared

Old Version 3

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can use a Dynamic Hierarchy policy to automatically generate external Business Roles and Locations based on the value of a specified person attribute, such as the name of their department. After the policy is created, the Dynamic Hierarchy engine will add any person with the matching attribute values to the Role and Location.

Create the

...

policy

...

  1. On the navbar, expand Dynamic Hierarchies and select Policies.

  2. On the Find Dynamic Hierarchy Policy page, click the Click the Add (+) button.

    Image RemovedImage Added

    In
    This opens the Policy Details form that appears, enter the following information:

  3. Select A Policy Type – Account Attribute External Roles and Locations

  4. Name – Name of the policy

  5. Description – Description of the policy

  6. Directory – Select the directory with the users to which you want to apply policy

  7. Hierarchy Generation Enabled – Enable this option to allow EmpowerID to generate the dynamic hierarchy.

  8. Hierarchy Generation Next Run – Click the field and in the calendar control that appears, specify the date and time for the next run of the Hierarchy Generation job for this policy.

  9. Hierarchy Generation Schedule – Optionally, click the Start and End fields and in the calendar control that appears for each field, specify the respective start and end dates for hierarchy generation to occur.

    10. Interval – Specify the interval the hierarchy generation should occur from the Interval pane.

    Image RemovedWhen doing so, you have the following options:

    • Once – Hierarchy generation occurs one time.

    • Minute Interval – Hierarchy generation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. So, for example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice. The first occurrence is at the date and time specified in the Hierarchy Generation Next Run field and the second occurrence is 24 minutes after the first run completes. However, if you select Run Indefinitely, and then select an Interval of 24, hierarchy generation occurs once every 24 minutes, indefinitely.

    • Hour Interval – Hierarchy generation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. So, for example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice. The first occurrence is at the date and time specified in the Hierarchy Generation Next Run field and the second occurrence is 24 hours after the first run completes. However, if you select Run Indefinitely, and then select an Interval of 24, hierarchy generation occurs once every 24 hours, indefinitely.

    • Daily – Hierarchy generation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. So, for example, if you select an iteration of 2, hierarchy generation occurs twice. The first occurrence is at the date and time specified in the Hierarchy Generation Next Run field and the second occurrence is on the following day at the time specified in the Times field. However, if you select Run Indefinitely, hierarchy generation occurs on a daily basis at the time specified in the Times field.

  10. Membership Recalculation Enabled – Enable this option to allow EmpowerID to recalculate and update group membership as specified.

  11. Membership Recalculate Next Run – Click the field and in the calendar control that appears, specify the date and time for the next run of the Dynamic Hierarchy Membership Recalculation job.

  12. Membership Recalculation Schedule – Optionally, click the Start and End fields and in the calendar control that appears for each field, specify the respective start and end dates for hierarchy generation to occur.

  13. Interval – Specify the occurrence interval for the hierarchy generation from the Interval pane. When doing so, you have the following options:

    • Once – Membership recalculation occurs one time.

    • Minute Interval – Membership recalculation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. So, for example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice. The first occurrence is at the date and time specified in the Membership Recalculate Next Run field and the second occurrence is 24 minutes after the first run completes. However, if you select Run Indefinitely, and then select an Interval of 24, membership recalculation occurs once every 24 minutes, indefinitely.

    • Hour Interval – Membership recalculation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. So, for example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice. The first occurrence is at the date and time specified in the Membership Recalculate Next Run field and the second occurrence is 24 hours after the first run completes. However, if you select Run Indefinitely, and then select an Interval of 24, membership recalculation occurs once every 24 hours, indefinitely.

    • Daily – Membership recalculation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. So, for example, if you select an iteration of 2, membership recalculation occurs twice. The first occurrence is at the date and time specified in the Membership Recalculation Next Run field and the second occurrence is on the following day at the time specified in the Times field. However, if you select Run Indefinitely, membership recalculation occurs on a daily basis at the time specified in the Times field.

      Image Removed

  14. External Role Level 1 – Specify the attribute that is to be used to generate the parent external role.

  15. External Location Level 1 – Specify the attribute that is to be used to generate the parent external location.

  16. External Role Level 2 – If nesting roles, specify the attribute that is to be used to generate the first child external role.

  17. External Location Level 2 – If nesting locations, specify the attribute that is to be used to generate the first location external role.

  18. External Role Level 3 – If nesting roles, specify the attribute that is to be used to generate the second child external role.

  19. External Location Level 3 – If nesting locations, specify the attribute that is to be used to generate the second location external role.

  20. Claim Matching Roles – Select this option to allow the Dynamic Hierarchy engine to claim any matching roles in the system as Dynamic Hierarchy generated roles.

  21. Claim Matching Locations – Select this option to allow the Dynamic Hierarchy engine to claim any matching locations in the system as Dynamic Hierarchy generated locations.

  22. Role Assignment Removal Delay (Minutes) – Specify the time in minutes that the engine should wait to remove users who no longer meet the criteria for Role and Location assignments from those Roles and Locations.

  23. Empty Role Action – Specify the action EmpowerID should take if a generated role no longer contains any users. When doing so, you have the following options:

    • No Action

    • Delete – Deletes the role.

  24. Empty Location Action – Specify the action EmpowerID should take if a generated location no longer contains any users. When doing so, you have the following options:

    • No Action

    • Delete – Deletes the location.

  25. Level 1 Naming Convention {Value1} – At a minimum enter {Value1}. EmpowerID creates a dynamic Role and Location for each attribute matching the value selected from the External Role Level 1 and External Location Level 1 fields. For example, if you selected the JobTitle attribute for the external role and the Department for the external location, an external role is created for each unique job title and an external location is created for each department.

  26. Level 2 Naming Convention {Value1}{Value2} – If you are nesting roles and locations, for the first child enter {Value1}{Value2}. EmpowerID creates a dynamic Role and Location under the parent Role and Location for each attribute matching the values selected from the External Role Level 2 and External Location Level 2 fields.

  27. Level 3 Naming Convention {Value1}{Value2}{Value3} – If you are nesting roles and locations, for the child of the first child enter {Value1}{Value2{Value3}. EmpowerID creates a dynamic Role and Location under the first child Role and Location for each attribute matching the values selected from the External Role Level 3 and External Location Level 3 fields.

...

  1. .

    Image Added

     

  2. Fill out each section of the form according to your policy needs.

    Insert excerpt
    IL:Dynamic Hierarchies Form Fields
    IL:Dynamic Hierarchies Form Fields
    nameexternalrolesandlocations
    nopaneltrue

  3. Click Save.

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue
Insert excerpt
IL:External Stylesheet - v1
IL:External Stylesheet - v1
nopaneltrue