Add Attributes to the EmpowerID Schema

If you have an attribute in an external system to which you are connecting EmpowerID that is not defined in the EmpowerID schema, you can add the attribute to the EmpowerID schema and map it to an extension attribute on the appropriate EmpowerID object. This article demonstrates this by adding to the schema a user attribute from Active Directory not defined in EmpowerID. The attribute can then flow from the user account to the linked account and Person in EmpowerID.

For attribute flow to occur, the external attribute must be an attribute that EmpowerID inventories.

To extend the schema in this way, you need to do the following:

  • Add an Object Attribute for the external attribute

  • Add a Security Boundary Attribute for the external attribute

  • Add a Security Boundary Object Attribute for the external attribute

  • Add a Security Boundary Attribute for the new attribute in EmpowerID

  • Add two Security Boundary Attributes for EmpowerID Person (one of Object Type EmpowerID account and one of Object Type EmpowerID Person)

Step 1 – Add Object Attribute

  1. On the navbar, expand Admin > Applications and Directories and click Manage Schema.

  2. Select the Object Attributes tab and then click the Add button on the grid header.

  3. Enter the following information for the Object Attribute:

    • Name – Name of the Object Attribute in EmpowerID

    • Display Name – Display name of the Object Attribute

    • Description – Description of the Object Attribute

    • Object Attribute Type – Attribute type, such as String

  4. Leave the other fields as is and click Save.

Step 2 – Add Security Boundary Attribute for the external system

  1. On the Schema page, select the Security Boundary Attributes tab and then click the Add button on the grid header.

  2. Enter the following information for the Security Boundary Attribute:

    • Name – Name of the attribute in the external system

    • Attribute Type – Attribute type, such as String

    • Directory Data Type – DirectoryString for string

    • Security Boundary Type – Type of the Security Boundary, such as AD for Active Directory

    • Object Attribute – Select the Object Attribute created above

  3. Leave the other fields as is and click Save.

Step 3 – Add Security Boundary Object Attribute

  1. On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.

  2. Enter the following information for the Security Boundary Object Attribute:

    • Select Existing Attribute – Select the Security Boundary Attribute created above

    • Object Type – Select the appropriate type, such as user

    • Select RBAC Object – Select the appropriate EmpowerID RBAC Object, such as Account for user account

    • RBAC Object Attribute – Select the desired extension attribute where EmpowerID should store the Security Boundary Object Attribute (after extension attribute 16).

  3. Click Save.

Step 4 – Add Security Boundary Attribute for EmpowerID

  1. On the Schema page, select the Security Boundary Attributes tab and then click the Add button on the grid header.

  2. Enter the following information for the Security Boundary Attribute:

    • Name – Name of the attribute in the external system

    • Attribute Type – Attribute type, such as String

    • Directory Data Type – DirectoryString for string

    • Security Boundary Type – EmpowerID

    • Object Attribute – Select the Object Attribute created above

  3. Leave the other fields as is and click Save.

Step 5 – Add a Security Boundary Object Attribute for EmpowerID Person of Object Type EmpowerID Account

  1. On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.

  2. Enter the following information for the Security Boundary Object Attribute:

    • Select Existing Attribute – Select the Security Boundary Attribute created above

    • Object Type – Select EmpowerID Account

    • Select RBAC Object – Leave blank

    • RBAC Object Attribute – Leave blank

  3. Click Save.

Step 6 – Add a Security Boundary Object Attribute for EmpowerID Person of Object Type EmpowerID Person

  1. On the Schema page, select the Security Boundary Object Attributes tab and then click the Add button on the grid header.

  2. Enter the following information for the Security Boundary Object Attribute:

    • Select Existing Attribute – Select the Security Boundary Attribute created above

    • Object Type – Select EmpowerID Person

    • Select RBAC Object – Leave blank

    • RBAC Object Attribute – Leave blank

  3. Click Save.

You can now configure the attribute flow for the new attribute.

If the new attribute does not appear immediately after creating it, you can refresh the Attribute Flow Schema by doing the following:

  • Click the Refresh Attribute Flow Schema for Account Store action link on the Find Account Store page.


Next Steps

Configure Attribute Flow