You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Role and Location Mapping

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

In EmpowerID, Role and Location Mapping refers to the process of associating external roles and locations originating from external authoritative sources with internal RBAC (Role-Based Access Control) Business Roles and Locations. This mapping is instrumental in determining identity provisioning and access assignments. As user accounts are received from authoritative sources, such as an HR system, they are linked to external role and location assignments based on the attributes and data provided by the external system. As these user accounts are integrated into the EmpowerID ecosystem and associated with a person's identity, the external role and location assignments are translated into EmpowerID Business Roles and Locations through predefined mapping rules.

In the illustrated concept, the source directory contains essential information such as an employee record, job code, and location code. Through role and location mappings in EmpowerID, the job code can be systematically translated into an EmpowerID Business Role, and the location code can be mapped to an EmpowerID Location. These internally defined roles and locations are subsequently assigned to the person object that corresponds to the user account, effectively configuring access and provisioning based on their organizational roles and locations.

It is important to highlight that the identification of external roles and locations often relies on the connector mappings of organizational information, which is the standard and most common methodology. However, in scenarios where an external system lacks a well-defined representation of the organizational structure necessary for creating external roles and locations, EmpowerID offers the flexibility to create dynamic hierarchy policies. These policies can dynamically combine up to three attributes to generate external roles and up to three attributes to create external locations automatically. EmpowerID's intuitive Web UI facilitates the straightforward creation of these dynamic hierarchy policies, ensuring adaptability to various organizational structures and data sources.

Key Terms to know

RBAC Mapping – the ability to inventory role and location hierarchies from external systems and use the assignment of users to these hierarchies to automate and drive Business Role and Location assignments in EmpowerID

ExternalOrgRole – job codes or roles inventoried from a connected system

ExternalOrgZone – organizational structure inventoried from a connected system

AccountExternalOrgRoleExternalOrgZone – assignments of users or HR records to roles and locations in a connected system

OrgRoleExternalOrgRole – mapping of EmpowerID Business Role to external system roles

OrgZoneExternalOrgZone – mapping of EmpowerID Business Location to external system locations

  • No labels