You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 4
Next »
Key PointsAttribute Flow is a flexible process that is used to detect changes that occur to a managed identity by comparing the attributes of each EmpowerID Person object with the attributes of each user account that has been joined to those Person objects. When attribute changes are detected for an attribute configured to flow, EmpowerID flags the account and processes those changes, issuing commands to update any affected attributes in either the EmpowerID Identity Warehouse (metadirectory) or the connected account store, depending on the origin of the change. If the changes occurred through actions originating in an Account Store, EmpowerID retrieves those changes and records them in the Identity Warehouse, where they are evaluated and either used to update the Identity Warehouse or discarded as appropriate.
|
|
Attribute Flow Configuration ProcessesAttribute flow rules are defined per attribute per account store to determine what attributes should flow, in what direction, and with what priority. This is the lowest level of granularity in the configuration process. At the account store configuration level, attribute flow can be disabled for the entire account store so that attributes will not be evaluated for any accounts in the account store. At the system level, attribute flow processing can be either disabled or enabled to facilitate the flow of attributes from external accounts to the EmpowerID Person identity.Attribute flow rules are defined per attribute per account store to determine what attributes should flow, in what direction, and with what priority. This is the lowest level of granularity in the configuration process. At the account store configuration level, attribute flow can be disabled for the entire account store so that attributes will not be evaluated for any accounts in the account store. At the system level, attribute flow processing can be either disabled or enabled to facilitate the flow of attributes from external accounts to the EmpowerID Person identity.
|
|
Flow Rules – Type and Direction No Sync – When this option is selected, no information flows between EmpowerID and the native system. Bidirectional Flow – When this option is selected, changes made within EmpowerID update the native system and vice-versa. Account Store Changes Only – When this option is selected, changes can only be made in the native system and are then passed to EmpowerID. EmpowerID Changes Only – When this option is selected, changes can only be made in EmpowerID and are then passed to the native system. |
|
Flow Rules – Weighting and Scoring (Data Quality)Create Score – In the event of conflicting updates from 2 separate accounts, this weighting determines which account attribute value will take precedence if the current person attribute is null Update Score - In the event of conflicting updates from 2 separate accounts, this weighting determines which account attribute value will take precedence if the current person attribute has a value Delete Score – In the event that an attribute value from one account store has a value in it and another has a null value, this weighting determines if the value should be nulled or not. If the account store with the null value has a higher weighting, then the attribute will be nulled. Otherwise, it will be left alone.
|
|
Inventory and Attribute Flow |
|
Attribute Flow HandlersBy default, EmpowerID retrieves attribute values for each user account in a connected account store and maps them value for value to the corresponding Person attributes stored in the EmpowerID Identity Warehouse. In this way, if the value of "State" for an AD user account is "Massachusetts" then the value of "State" for that account's Person object in EmpowerID is "Massachusetts." Attribute Flow Handlers allow you to customize this logic by writing your own code to handle value transformations on a per attribute basis
|
|
The diagram below provides an overview of the Attribute flow rules and relationships between accounts, person identities, and core identities.
Step1 – The Attribute Flow engine evaluates the attribute flow rules including directionality and weighting to determine what attributes need to be updated to the Person record from the account records joined to the Persson along with which attributes should be exported for updates to the account.
Step 2 – The Person record is updated with the resulting set of attribute values determined by the attribute flow engine. Export files are created with any attribute values that need to be updated in the native system accounts.
Step 3 – The Attribute Flow engine evaluates the attribute flow rules including directionality and weighting to determine what attributes need to be updated to the Core Identity record from the Person records joined to the Core Identity along with which attributes should be exported for updates to the account.
Step 4 – The Core Identity record is updated with the resulting set of attribute values determined by the Attribute Flow engine. The Person objects are updated with any attribute values that need to be updated based on the flow rules.
Step 5 – An API call is made to update an account record for an existing account. Attribute updates continue normally.
Attribute Flow Demo
https://youtu.be/NKMelV8df8g