Skip to end of banner
Go to start of banner

Review Account Inbox Settings

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Current »

When you connect EmpowerID to a user directory or other identity-aware application and turn on inventory, EmpowerID evaluates the accounts in those directories to determine whether EmpowerID People should be provisioned from those accounts. The logic that determines this is specified by the Join and Provision Rules, as well as the Join and Provision Filters, specified on the Account Inbox Settings page. Before turning on inventory, you should review these and adjust them as needed.

Review the Join and Provision rules for your environment

  1. On the navbar, expand Identity Lifecycle, and click Settings.

  2. This directs you to the Account Inbox Settings page, which contains settings that determine how EmpowerID should handle Joiner and Leaver processes in your environment. A description of the settings follows the image.


    Account Inbox Settings

    Setting

    Description

    Join and Provision Filter

    This setting is used to set the filtering logic for joining and provisioning people from accounts inventoried in an external, connected user directory. The default shipping logic ensures that for joining or provisioning, an inventoried account must meet the following criteria:

    • The account is not currently owned by a Person (The account's PersonID field IS NULL)

    • The account is active (The account's Disabled and Deleted fields are 0)

    • The account is not an Active Directory contact account or a non-personal account (The AccountTypeID field is not equal to 2 and the AccountUsageTypeID equals 1).

    • The account has valid FirstName and LastName values (The length of each field is greater than 0)

    If the account passes the filter logic, the below rules specify the criteria for joining the account to an EmpowerID Person.

    Join by Birth Date and First Name and Last Name

    Specifies that inventoried accounts be joined to an EmpowerID Person when the birth date, first name and last name of the account match that of an existing EmpowerID Person.

    Join by Email and First Name and Last Name

    Specifies that inventoried accounts be joined to an EmpowerID Person when the first name and last name of the account match that of an existing EmpowerID Person.

    Join by EmployeeID and First Name and Last Name

    Specifies that inventoried accounts be joined to an EmpowerID Person when the EmployeeID, first name and last name of the account match that of an existing EmpowerID Person.

    Join by Personal Email and First Name and Last Name

    Specifies that inventoried accounts be joined to an EmpowerID Person when the personal email, first name and last name of the account match that of an existing EmpowerID Person.

    Join by Custom Match

    Allows you to extend the existing join rules with custom logic.

    Join Rule

    Specifies whether joining an inventoried account to an EmpowerID Person is allowed.

    Provision Rule

    The default shipping logic ensures that for provisioning an EmpowerID Person from an inventoried account, the following conditions must be met:

    • Person provisioning is allowed (A.AllowProvision = 1)

    • An account store exists in EmpowerID for an external system

    • Person provisioning is allowed on the account store with the accounts

    If the above conditions are met, EmpowerID will provision an EmpowerID Person for each user account in a connected user directory that does not currently have a Person linked to it (based on the Join Filter and rules specified above).

    Core Identity Inbox Settings

    Join by First Name and Last Name

    Specifies that Person objects be joined to the same core identity when the first name and the last name attributes of the Person objects are the same.

    Join by Birth Date and First Name and Last Name

    Specifies that Person objects be joined to the same core identity when the birth date, first name and the last name attributes of the Person objects are the same.

    Join based on this list of comma separated attributes

    In addition to the above join rules, allows you to specify one or more custom Person attributes that must be the same in order for the Person objects to be joined to the same core identity.

    Core Identity Provision Rule

    Allows you to write custom provision rule for creating core identities.

    Planned Leaver Settings

    Planned Leaver Grace Period (Days)

    Specifies the number of days after a person has left the organization before the account is terminated.

    Initiator for Terminate Person Advanced Workflow (To Require or Avoid Approval)

    Specifies the Person object responsible for initiating the Terminate Person Advanced workflow.

    Disable Accounts with Mailboxes

    Specifies whether accounts with mailboxes should be disabled.

    Disable Accounts with Same Primary Person

    Specifies whether accounts linked to the same primary person should be disabled.

    Disable Accounts with Same CoreIdentity

    Specifies whether accounts of all the people linked to the same core identity should be disabled.

    Disable Primary Person Object

    Specifies whether all people claimed by the termination process should have their primary person accounts disabled.

    Disable People with Same CoreIdentity

    Specifies whether all people linked to the same core identity should have their person accounts disabled.

    Reset Password for Accounts with Same Primary Person

    Specifies whether to reset the passwords of all the people linked to the same core identity of the primary person via the “PasswordManagerPolicyName” policy setting. 

    Reset Password for Accounts with Same CoreIdentity

    Specifies whether to reset the passwords of all accounts belonging people linked to the same core identity of the primary person via the “PasswordManagerPolicyName” policy setting. 

    Reset Password for Person Objects with Same CoreIdentity

    Specifies whether to reset the passwords of all the people linked to the same core identity of the primary person via the “PasswordManagerPolicyName” policy setting. 

    Reset Primary Person Password

    Specifies whether to reset the primary person password via the “PasswordManagerPolicyName” policy setting. 

    Enable Responsibility Transfer

    Specifies whether responsibility transfer activities in the process should occur or be bypassed.

    Terminate Person Objects with Same Core Identity

    Specifies whether all people claimed by the termination process linked to the same core identity of the primary person should have their person accounts terminated.

    Terminate Accounts Owned By Primary Person Before RET

    Specifies whether accounts linked to the primary person’s accounts should be deleted. If set to true, the process used the value of “TerminateAccountsSameCoreIdentity” to determine whether to delete the accounts of linked people. 

    Terminate Accounts with Same Core Identity

    Specifies whether accounts linked to the same core identity of the primary person should have their accounts terminated.

    Password Manager Policy Name

    Specifies the Password Manager Policy name.

    Pre Leaver Threshold On Person

    Specifies the maximum number of person accounts that can be claimed for pre-leaver processing.

    Leaver Threshold On Person

    Specifies the maximum number of person accounts that can be claimed for leaver processing.

    Planned Leaver - Who to Terminate (Query-Based Collections)

    Leaver Termination Pre Termination SetGroup

    Specifies the Query-Based collection used to claim people to be processed for pre-termination.

    Leaver Termination People to Terminate SetGroup

    Specifies the Query-Based collection used to claim people to be processed for termination.

    Leaver Termination People to Reactivate SetGroup

    Specifies the Query-Based collection used to claim people to process reactivation from termination.

    Planned Leaver - Email Notifications

    Email Template Person Pre Termination Notification

    Specifies the email template used when sending notifications to people selected for pre-termination.

    Email Template Manager Pre Termination Notification

    Specifies the email template used when sending notifications to the managers of people when their direct reports have been selected for pre-termination.

    Email Template Admin Pre Termination Notification

    Specifies the email template used when sending notifications to administrators of all people selected for pre-termination.

    Admin Management Role GUIDs (For Notifications)

    Specifies the Management Roles needing to receive planned leaver notifications. All people belonging to the roles receive the notifications.

    Email Template Person Termination Notification

    Specifies the email template used when sending notifications to people who have been terminated by the Planned Leaver process.

    Email Template Manager Termination Notification

    Specifies the email template used when sending notifications to the managers of people who have been terminated by the Planned Leaver process.

    Email Template Admin Termination Notification

    Specifies the email template used when sending notifications to administrators whenever people have been terminated by the Planned Leaver process.

    Email Template Person Reactivated Notification

    Specifies the email template used when sending notifications to previously terminated people who have been reactivated.

    Email Template Manager Reactivated Notification

    Specifies the email template used when sending notifications to managers of previously terminated people who have been reactivated.

    Email Template Admin Reactivated Notification

    Specifies the email template used when sending notifications to administrators whenever previously terminated people who have been reactivated.


  3. Make any changes to the default settings as needed and then click Save.

  • No labels