Skip to end of banner
Go to start of banner

Attribute Flow

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Key Points

  • Attribute Flow is a flexible process that is used to detect changes that occur to a managed identity by comparing the attributes of each EmpowerID Person object with the attributes of each user account that has been joined to those Person objects.

  • When attribute changes are detected for an attribute configured to flow, EmpowerID flags the account and processes those changes, issuing commands to update any affected attributes in either the EmpowerID Identity Warehouse (metadirectory) or the connected account store, depending on the origin of the change.

  • If the changes occurred through actions originating in an Account Store, EmpowerID retrieves those changes and records them in the Identity Warehouse, where they are evaluated and either used to update the Identity Warehouse or discarded as appropriate.

Attribute Flow Configuration Processes

  • Attribute flow rules are defined per attribute per account store to determine what attributes should flow, in what direction, and with what priority.  This is the lowest level of granularity in the configuration process.

  • At the account store configuration level, attribute flow can be disabled for the entire account store so that attributes will not be evaluated for any accounts in the account store.

  • At the system level, attribute flow processing can be either disabled or enabled to facilitate the flow of attributes from external accounts to the EmpowerID Person identity.Attribute flow rules are defined per attribute per account store to determine what attributes should flow, in what direction, and with what priority.  This is the lowest level of granularity in the configuration process.

  • At the account store configuration level, attribute flow can be disabled for the entire account store so that attributes will not be evaluated for any accounts in the account store.

  • At the system level, attribute flow processing can be either disabled or enabled to facilitate the flow of attributes from external accounts to the EmpowerID Person identity.

Flow Rules – Type and Direction

 No Sync – When this option is selected, no information flows between EmpowerID and the native system.

 Bidirectional Flow – When this option is selected, changes made within EmpowerID update the native system and vice-versa.

 Account Store Changes Only – When this option is selected, changes can only be made in the native system and are then passed to EmpowerID.

 EmpowerID Changes Only – When this option is selected, changes can only be made in EmpowerID and are then passed to the native system.

Flow Rules – Weighting and Scoring (Data Quality)

  • Create Score – In the event of conflicting updates from 2 separate accounts, this weighting determines which account attribute value will take precedence if the current person attribute is null

  • Update Score - In the event of conflicting updates from 2 separate accounts, this weighting determines which account attribute value will take precedence if the current person attribute has a value

  • Delete Score – In the event that an attribute value from one account store has a value in it and another has a null value, this weighting determines if the value should be nulled or not.  If the account store with the null value has a higher weighting, then the attribute will be nulled.  Otherwise, it will be left alone.

Inventory and Attribute Flow

Attribute Flow Handlers

  • By default, EmpowerID retrieves attribute values for each user account in a connected account store and maps them value for value to the corresponding Person attributes stored in the EmpowerID Identity Warehouse.

  • In this way, if the value of "State" for an AD user account is "Massachusetts" then the value of "State" for that account's Person object in EmpowerID is "Massachusetts."

  • Attribute Flow Handlers allow you to customize this logic by writing your own code to handle value transformations on a per attribute basis

The diagram below provides an overview of the Attribute flow rules and relationships between accounts, person identities, and core identities.

 

Attribute Flow Demo


https://youtu.be/NKMelV8df8g

Related Docs Topics:

Configure Attribute Flow

  • No labels