Home / User Provisioning and Identity Lifecycle / Dynamic Hierarchy Policies / Current: Creating a Two-Level Attribute Management Roles Dynamic Hierarchy Policy |
EmpowerID provides the capability for you to create Dynamic Hierarchy policies that provision Management Roles and Management Role Definitions based on the value of two specified Person attributes, such as Title and City. When these type of policies first run, EmpowerID provisions the Management Role Definition based on the first level attribute chosen and the Management Role based on a combination of the first and second level attributes selected. After the parent Management Role Definitions and Management Roles are provisioned, Persons with attributes matching the two specified attributes is added to the Management Roles.
The Extension Attribute 1 value for each Management Role Definition and Management Role created by a Dynamic Hierarchy policy is internally managed by EmpowerID and should not be altered. |
Before creating a Dynamic Hierarchy Policy, you need to start each Dynamic Hierarchy job on at least one EmpowerID server. To start the jobs, open the EmpowerID Management Console and navigate to Configuration Manager. From Configuration Manager, click the EmpowerID Servers and Roles node and then enable each job by checking the box beside it so that it looks like the below image. |
Optionally, underneath Hierarchy Generation Schedule, click the Start and End fields and in the calendar control that appears for each field, specify the respective start and end dates for hierarchy generation to occur.
The default values for these fields is a start schedule of one day before the current day and an end date of 97 years from the start date. If you change these values, set the Start date to one day before the date specified in the Hierarchy Generation Next Run field to ensure the generation occurs as expected. |
Optionally, underneath Membership Recalculation Schedule, click the Start and End fields and in the calendar control that appears for each field, specify the respective start and end dates for hierarchy generation to occur.
|
Membership Change Alert - When Membership Change Alert Active is enabled (checked), this sends an alert when the membership of a Management Role created by the policy is changed by the policy. By default, the alert is set to Hierarchy Management Role Membership Changed alert.
EmpowerID includes default Alert email templates that are automatically selected for each type of Alert, but custom email alerts can be defined and selected as needed. To do so, click the Remove button to the right of the alert you wish to replace and then search for and select an alert. If you click the link for the alert rather than the Remove button, EmpowerID directs your browser to the View One page for the alert. |
The following image shows what the Alerts section looks like with all Alerts selected.