EmpowerID Role and Location mappings allow multiple AD, LDAP or other external directory containers to be visually mapped to one or more roles and logical locations in EmpowerID for unified and easy management. For roles, when a mapping occurs, all the external roles are assigned to a corresponding EmpowerID Business Role. This ensures that users with roles in the external directory will have those same roles in EmpowerID.
For locations, when a mapping occurs, all the resources or objects located in the directory container are assigned to a corresponding EmpowerID location, allowing you to use those locations for delegating user access and setting default policy settings. If you create these mappings before your first inventory, all new people discovered by EmpowerID during the inventory process will be provisioned in EmpowerID locations (instead of directory locations), and those EmpowerID locations will be assigned to them as the "Location" portion of their Business Role and Location (BRL). For example, if you have a user named "Barney Smythe" in a London > Contractors OU and a user named "Kris McClure" in a London > Employees OU and you map both of those London OUs to a single London location in EmpowerID, when you turn on your inventory the Location portion of the BRL for both Barney Smythe and Kris McClure would be the EmpowerID location and not the external OUs.
In situations where you need to create custom external roles and locations using Dynamic Hierarchy policies, you will need to map roles and locations after inventory. When this is the case, EmpowerID places users discovered during inventory in the Temporary Role and Temporary Location. Once mapping is complete, the Role and Location Compiler job creates inbox entries for those users and the Role and Location Processor job processes those entries and places those users in the appropriate Business Role and Location.
On the navbar, expand Identity Lifecycle and select Role and Location Mapper.
Select the Role Mapper tab.
In the External Source Business Role pane of the Role Mapper tab, do the following:
In the first (upper) field - Search for and select the external directory containing the role you want to map, and
In the second (lower) field - Enter the name of the external role you want to map and press ENTER to load the role.
Select the role from the tree.
Select the Location Mapper tab.
In the External Source Location pane of the Location Mapper tab, do the following:
In the first (upper) field - Search for and select the external directory containing the location you want to map and
In the second (lower) field - Enter the name of the external location you want to map and press ENTER to load the location.
Select the location from the tree.
In the Internal Destination Location pane, enter the name of the EmpowerID location to which you want to map the external directory location and then select the location from the tree.
Click Save to save the mapping.
Repeat for any other mappings you wish to create.
If you select an external role or an external location that is a parent role or location, the children of that role or location will be mapped to the selected EmpowerID location.