
Person Versus Account


  • Core Identity – single entity per human or IoT

  • Person — core identity can be the owner of other person objects

  • OrgRole — Business Role, always assigned in conjunction with an Organizational Location

  • OrgZone — Organizational Location / Business Context, always assigned in conjunction with a Business Role

  • Polyarchical RBAC — Business Roles and Locations are both hierarchical trees. People are assigned to one or more Business Roles, each for a specific Location/Context. This polyarchy dramatically reduces the number of roles and eliminates role bloat

  • Company — people belong to companies via their Business Role and Location assignments

  • Personas — a person's core identity can be linked to multiple sub-person objects, which are the professional identities, i.e. they have the business information attached

  • AccountStore – represents a directory or user store

  • ProtectedApplicationResource – represents an application

  • Account – user or HR record in an external directory/application

  • Group – group or application role in an external directory/application

  • GroupAccount – membership of user records in groups in external directories/applications
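
The polyarchical model described above, sketched as an added example (not EmpowerID code): it assumes a grant attached to one OrgRole/OrgZone pair flows down both trees, and every role name, location name and grant here is constructed. It also compares the node count with the number of roles a flat model would need for the same combinations.

```python
# Constructed sample trees, stored as child -> parent (None marks the root).
ROLE_PARENT = {
    "Any Role": None, "Employee": "Any Role", "Contractor": "Any Role",
    "Engineer": "Employee", "Security Engineer": "Engineer",
}
ZONE_PARENT = {
    "Anywhere": None, "EMEA": "Anywhere", "Americas": "Anywhere",
    "London": "EMEA", "Berlin": "EMEA", "Boston": "Americas",
}

# Assumption: access granted to an (OrgRole, OrgZone) pair is inherited by
# descendants of that role assigned in descendants of that zone.
GRANTS = {
    ("Employee", "Anywhere"): {"email"},
    ("Engineer", "EMEA"): {"emea-build-servers"},
    ("Security Engineer", "London"): {"london-siem-admin"},
}

# Each person holds one or more (Business Role, Location) assignments.
ASSIGNMENTS = {
    "alice": [("Security Engineer", "London")],
    "bob": [("Engineer", "Boston"), ("Contractor", "Berlin")],
}

def ancestors(node, parent):
    """Return the node followed by every ancestor up to the root."""
    if node not in parent:
        raise KeyError(f"unknown node: {node}")
    chain = []
    while node is not None:
        chain.append(node)
        node = parent[node]
    return chain

def effective_access(person):
    """Union of grants covering at least one of the person's assignments."""
    access = set()
    for role, zone in ASSIGNMENTS.get(person, []):
        # Role and zone are checked as a pair taken from the same assignment.
        for r in ancestors(role, ROLE_PARENT):
            for z in ancestors(zone, ZONE_PARENT):
                access |= GRANTS.get((r, z), set())
    return access

def role_counts():
    """(roles a flat model needs for every combination, polyarchy nodes)."""
    flat = len(ROLE_PARENT) * len(ZONE_PARENT)
    return flat, len(ROLE_PARENT) + len(ZONE_PARENT)
```

bob is an Engineer in Boston and a Contractor in Berlin, so he does not receive the Engineer/EMEA grant: the role from one assignment is never combined with the location from another.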

Deciding When You Need a Person Object
  • If the account is the HR record for a human being

  • If ….

  • If you would like to shop for access in the IT Shop for the Account

  • If you would like to assign EmpowerID roles to the account so it receives policy-controlled access

  • If the account will be used to authenticate to the EmpowerID API
