About Dynamic Hierarchies

Owned by Phillip Hanegan
Dec 04, 2024
2 min read

Dynamic Hierarchies in EmpowerID automate the lifecycle management of data-driven, nested groups within your organization. By leveraging authoritative enterprise data, EmpowerID's Dynamic Hierarchies engine enables the creation, updating, and removal of groups in systems like Active Directory and Azure Active Directory, without requiring manual intervention.

Dynamic Group Automation

EmpowerID’s Group Management module supports self-service and delegated administration for groups or application roles across multiple systems. Organizations can manage group membership and related administrative tasks through web-based interfaces and workflows. This module provides a flexible way to manage group lifecycles, including automated solutions for the more complex, data-driven groups that typically require custom scripts or manual upkeep.

These data-driven groups, which EmpowerID refers to as Dynamic Groups, are governed by attribute-based policies, using data from authoritative systems like HR databases. With EmpowerID's Dynamic Group Management module, the lifecycle of these groups—from creation and membership updates to retirement—can be entirely automated, resulting in consistent group lifecycle management.

EmpowerID Dynamic Group Hierarchies

EmpowerID’s Dynamic Hierarchies engine takes automation further by focusing on nested groups. Dynamic Hierarchies are particularly effective for organizations needing collaboration or email groups structured around their organizational hierarchy—such as groups for each location, company, division, department, or manager. Dynamic Hierarchy policies allow these nested groups to be automatically generated and maintained, drawing data from key systems like HR, Active Directory, or other sources.

A common use case for Dynamic Hierarchies involves creating a group for each company, with corresponding departmental groups nested within. As organizational data changes—for example, if a new department is added or an employee is promoted—Dynamic Hierarchies will update the group structure in real time to reflect these changes, keeping distribution lists and security groups in sync with the organization's current state. This hands-off approach ensures that organizational restructuring and personnel changes are always accurately reflected across group memberships.

Leveraging Authoritative Data Sources

One key feature of EmpowerID’s Dynamic Group Management and Dynamic Hierarchies is their ability to leverage data from nearly any system in your enterprise. EmpowerID's robust library of Identity Governance and Administration (IGA) connectors integrates with modern cloud systems, such as Workday, SuccessFactors, and Ultipro, as well as traditional on-premises systems like Active Directory, RACF, and SAP.

Using these authoritative sources of user and HR data, EmpowerID enables flexible attribute-based policies that keep group memberships up-to-date for collaboration and security. This functionality reduces the need for manual group management, improving efficiency and accuracy.

Benefits of Dynamic Hierarchies

  • Full Automation: Dynamic Hierarchies ensure group creation, updates, and deletions happen automatically in response to changes in the underlying authoritative data.

  • Scalable Group Management: Groups are generated and nested to reflect the organizational structure, making them more useful for collaboration and reducing administrative effort.

  • Improved Accuracy: Changes in HR or other source systems—like promotions, departmental shifts, or reorganizations—are automatically mirrored in the corresponding groups.

Dynamic Hierarchies provide a seamless, scalable solution for managing complex group lifecycles. EmpowerID allows organizations to align IT resources with their business structure by automating group creation and maintenance, ensuring collaboration, and enforcing security policies effectively.

Next Steps

For creating different types of Dynamic Hierarchies, see the following articles:
Organization Chart Groups

Dynamic Hierarchy Policy for Person Attribute Management Roles

Use Dynamic Hierarchy Policies to Create One-Level Triple Attributes Groups

Two-Level Management Roles

One-Level Dual Attributes

Use Dynamic Hierarchy Policies to Create Two-Level Attribute Nested Groups

Use Dynamic Hierarchy Policies to Create External Roles and Locations

 

Â