If you have an attribute in an external system to which you are connecting EmpowerID that is not defined in the EmpowerID schema, you can add the attribute to the EmpowerID schema and map it to an extension attribute on the appropriate EmpowerID object. This article demonstrates this be adding to the schema a user attribute from Active Directory not defined in EmpowerID. The attribute can then be flowed from the user account to the linked account and Person in EmpowerID.
For attribute flow to occur, the external attribute must be an attribute that EmpowerID inventories.
To extend the schema in this way, you need to the following:
Add an Object Attribute for the external attribute
Add a Security Boundary Attribute for the external attribute
Add a Security Boundary Object Attribute for the external attribute
Add a Security Boundary Attribute for the new attribute in EmpowerID
Add two Security Boundary Attributes for EmpowerID Person (one of Object Type EmpowerID account and one of Object Type EmpowerID Person)
Add Object Attribute
On the navbar, expand Admin > Applications and Directories and click Manage Schema.
Select the Object Attributes tab and then click the Add button on the grid header.
Enter the following information for the Object Attribute:
Name — Name of the Object Attribute in EmpowerID
Display Name — Display name of the Object Attribute
Description — Description of the Object Attribute
Object Attribute Type — Attribute type, such as String
Leave the other fields as is and click Save.
Add Security Boundary Attribute for the external system
On the Schema page, select the Security Boundary Attributes tab and then click the Add button on the grid header.
Enter the following information for the Security Boundary Attribute:
Name — Name of the attribute in the external system
Attribute Type — Attribute type, such as String
Directory Data Type — DirectoryString for string
Security Boundary Type — Type of the Security Boundary, such as AD for Active Directory
Object Attribute — Select the Object Attribute created above
Leave the other fields as is and click Save.
Add Security Boundary Object Attribute
On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.
Enter the following information for the Security Boundary Object Attribute:
Select Existing Attribute — Select the Security Boundary Attribute created above
Object Type — Select the appropriate type, such as user
Select RBAC Object — Select the appropriate EmpowerID RBAC Object, such as Account for user account
RBAC Object Attribute — Select the desired extension attribute where EmpowerID should store the Security Boundary Object Attribute (after extension attribute 16).
Click Save.
Add Security Boundary Attribute for EmpowerID
On the Schema page, select the Security Boundary Attributes tab and then click the Add button on the grid header.
Enter the following information for the Security Boundary Attribute:
Name — Name of the attribute in the external system
Attribute Type — Attribute type, such as String
Directory Data Type — DirectoryString for string
Security Boundary Type — EmpowerID
Object Attribute — Select the Object Attribute created above
Leave the other fields as is and click Save.
Add a Security Boundary Object Attribute for EmpowerID Person of Object Type EmpowerID Account
On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.
Enter the following information for the Security Boundary Object Attribute:
Select Existing Attribute — Select the Security Boundary Attribute created above
Object Type — Select EmpowerID Account
Select RBAC Object — Leave blank
RBAC Object Attribute — Leave blank
Click Save.
Add a Security Boundary Object Attribute for EmpowerID Person of Object Type EmpowerID Person
On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.
Enter the following information for the Security Boundary Object Attribute:
Select Existing Attribute — Select the Security Boundary Attribute created above
Object Type — Select EmpowerID Person
Select RBAC Object — Leave blank
RBAC Object Attribute — Leave blank
Click Save.
You can now configure the attribute flow for the new attribute.
If the new attribute does not appear immediately after creating it, you can refresh the Attribute Flow Schema by doing the following:
Click the Refresh Attribute Flow Schema for Account Store action link on the Find Account Store page.