EmpowerID Role and Location mappings allow multiple AD or LDAP directory containers to be visually mapped to a logical location (EmpowerID Locations) for unified and easy management and delegation. When a mapping occurs, all the resources or objects located in the directory are assigned to a corresponding EmpowerID Location and can be used when delegating user rights and setting default policy settings.
If you create these mappings before your first inventory, all new people discovered by EmpowerID during the inventory process will be provisioned into EmpowerID Locations (instead of directory locations) and those EmpowerID Locations will be assigned to them as the "Location" portion of their Business Role and Location (BRL). For example, if you have a user named "Barney Smythe" in a London >> Contractors OU and a user named "Vincent Lopresti" in a London >> Employees OU and you map both of those London OUs to a single London location in EmpowerID, when you turn on your inventory the Location portion of the BRL for both Barney Smythe and Vincent LoPresti would be the EmpowerID Location and not the AD OUs.
If more than one OU is mapped to an EmpowerID Location, setting the IsPrimary property determines which mapping should be authoritative when used for various policies, such as creating accounts by RET and assigning primary Business Roles and Locations (when the Business Role and Location recalculation option is enabled).
EmpowerID provides two ways to map locations. You can map using the EmpowerID Web interface or in the EmpowerID Management Console.
Mapping locations using the Web interface
- From the navigation sidebar, expand Admin > Applications and Directories and click Role and Location Mapper.
- Select the Location Mapper tab.
- From the Location pane of the Location Mapper tab, enter the name of the EmpowerID location you want to map and press ENTER to load the location.
- Select the location from the tree.
rom the External Location pane, enter the name of the external directory location to which you want to map the EmpowerID location. Note that if you select an external location that is a parent location, the children of that location will be mapped to the selected EmpowerID location.
- Click Save to save the mapping.
- Repeat for any other mappings you wish to create.
Mapping with the EmpowerID Management Console
EmpowerID provides the following three methods for mapping locations using the Role and Location Mapper functionality of the EmpowerID Management Console:
Simple Drag-and-Drop — Selecting a location from the External Location tree and dragging it onto the EmpowerID Locations tree does not create a new EmpowerID location. It does, however, map the external location to the EmpowerID location onto which you drop it.
Drag-and-Drop in combination with the CTRL key — Pressing the CTRL key while dragging a location from the External Locations tree onto the EmpowerID Locations tree creates that location, and any children of the location, as EmpowerID locations and correspondingly maps these locations to each other in a one-to-one relationship.
Drag-and-Drop in combination with the SHIFT key — Pressing the SHIFT key while dragging a location from the External Locations tree onto the EmpowerID Locations tree does not create any new EmpowerID locations. It does, however, map the selected external location, and any children of the location, to the ONE EmpowerID location onto which you drop it.
Pressing F4 on your keyboard refreshes any mapping relationships on the screen, allowing you to see exactly which external locations are mapped to which EmpowerID Locations. This can be very helpful when dealing with numerous locations.
You can delete mappings by refreshing the mappings and then hovering your mouse over the mapping your want to delete, right-clicking it and selecting Remove Relationship from the context menu.