Skip to end of banner
Go to start of banner

Role and Location Mapper

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 5 Next »

EmpowerID Role and Location mappings allow multiple externally inventoried locations (e.g., AD, LDAP, HR) directory containers to be visually mapped to a logical location (EmpowerID Locations) for unified and easy management and delegation of resources. When a mapping occurs, all the resources or objects located in the directory are assigned to a corresponding EmpowerID Location and can be used when assigning user rights and setting default policy settings.

If you create these mappings before your first inventory, all new people discovered by EmpowerID during the inventory process will be provisioned into EmpowerID Locations (instead of directory locations), and those EmpowerID Locations will be assigned to them as the "Location" portion of their Business Role and Location (BRL). For example, if you have a user named "Barney Smythe" in a London >> Contractors OU and a user named "ChrisMcClure" in a London >> Employees OU, and you map both of those London OUs to a single London location in EmpowerID when you turn on your inventory, the Location portion of the BRL for both Barney Smythe and Chris McClure would be the EmpowerID Location and not the AD OUs.

After a major update patched into EmpowerID versions 209, 210, 211, 212, and 213, dynamic on-demand tree loading and enhanced server-side full-text search capabilities were implemented in location trees, business role trees, external location trees, and external business role trees. These updates significantly improve performance by loading only required nodes on demand and delivering more accurate search results. Application trees, company trees, and catalog trees remain on the previous implementation as they do not require these enhancements due to their smaller size.

If more than one OU is mapped to an EmpowerID Location, setting the IsPrimary property determines which mapping should be authoritative when used for various policies, such as creating accounts by RET and assigning primary Business Roles and Locations (when the Business Role and Location recalculation option is enabled).

When users search for groups or Business Roles in the IAM Shop, they will only see roles and groups located in or below the OrgZones (locations) specified in the appsettings.json file for the IAM Shop. Please find the more details here Changing IAM Shop Application and Business Roles Parent Nodes

Procedure

Please follow the steps below to use the Map Locations in EmpowerID.

Please be aware of selection behavior while you are following the steps below.

  • Automatic Selection of Visible Children: When you select a parent node, the system automatically selects all visible child nodes. However, only currently loaded or expanded nodes will be selected.

  • Expanding Nodes to Select All Descendants: To ensure all descendants under a node are selected, you must first expand the node to display its children.

  • Nodes with Unexpanded Children: Nodes with a "+" indicator contain unexpanded children that will not be selected unless the node is expanded.

  • User Action Required: Before selecting a parent node, expand all relevant nodes to display and select all desired child nodes.

  1. On the navbar, expand Identity Lifecycle and click Role and Location Mapper.

  2. Select the Location Mapper tab.

  3. From the External Source Location,  search and select the external location you want to map,

    1. (Optional) Select an Account Store from the first drop-down list if applicable.

    2. (Optional) Enter a location to narrow the search criteria.

    3. Click the Search icon to filter the results. Note that only specific levels of the hierarchy load initially. To select a location, Hover over the location node until a checkbox appears. Click on the checkbox to select the location. Ensure all relevant nodes are expanded before making selections, as the system only selects visible child nodes automatically when a parent node is checked.

      image-20250304-120402.png

  4. Select the Internal Destination location from the tree.

    1. Enter the search text, click the Search icon or press Enter. Initially, only two levels of the hierarchy load.

    2. To see more child nodes, click the (+) or Expand Location option. You can repeat this step to expand and view more child nodes as needed.

    3. Hover over the location node until the checkbox appears. Click on the checkbox to select the location, or simply click on the node to select. Ensure all relevant nodes are expanded before making selections, as the system only selects visible child nodes automatically when a parent node is checked.

      image-20250304-121805.png

  5. Click Save to save the mapping.

  6. Repeat for any other mappings you wish to create.

  • No labels