You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Role and Location Mapping

In EmpowerID, Role and Location Mapping refers to the process of associating external roles and locations originating from external authoritative sources with internal RBAC (Role-Based Access Control) Business Roles and Locations. This mapping is instrumental in determining identity provisioning and access assignments. As user accounts are received from authoritative sources, such as an HR system, they are linked to external role and location assignments based on the attributes and data provided by the external system. As these user accounts are integrated into the EmpowerID ecosystem and associated with a person's identity, the external role and location assignments are translated into EmpowerID Business Roles and Locations through predefined mapping rules.

Figure: Mapping of job and location codes in an HR system to EmpowerID Business Roles and Locations

In the illustrated concept, the source directory contains essential information such as an employee record, job code, and location code. Through role and location mappings in EmpowerID, the job code can be systematically translated into an EmpowerID Business Role, and the location code can be mapped to an EmpowerID Location. These internally defined roles and locations are subsequently assigned to the person object that corresponds to the user account, effectively configuring access and provisioning based on their organizational roles and locations.

It is important to highlight that the identification of external roles and locations often relies on the connector mappings of organizational information, which is the standard and most common methodology. However, in scenarios where an external system lacks a well-defined representation of the organizational structure necessary for creating external roles and locations, EmpowerID offers the flexibility to create dynamic hierarchy policies. These policies can dynamically combine up to three attributes to generate external roles and up to three attributes to create external locations automatically. EmpowerID's intuitive Web UI facilitates the straightforward creation of these dynamic hierarchy policies, ensuring adaptability to various organizational structures and data sources.

Key Terms to Know

• RBAC Mapping – the ability to inventory role and location hierarchies from external systems and use the assignment of users to these hierarchies to automate and drive Business Role and Location assignments in EmpowerID

• ExternalOrgRole – job codes or roles inventoried from a connected system

• ExternalOrgZone – organizational structure inventoried from a connected system

• AccountExternalOrgRoleExternalOrgZone – assignments of users or HR records to roles and locations in a connected system

• OrgRoleExternalOrgRole – mapping of EmpowerID Business Role to external system roles

• OrgZoneExternalOrgZone – mapping of EmpowerID Business Location to external system locations

Data model showing the relationship between external roles and locations, EmpowerID roles and locations, inventoried accounts, and EmpowerID Person objects.
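
The relationships in this data model can be exercised with a small in-memory database, shown here as an added example that is not EmpowerID's schema or code. The table names follow the key terms above; the column names, job codes, location codes and role names are assumptions constructed for illustration. It also lists external assignments with no mapping, which are the ones to review because they cannot be translated into a Business Role and Location.

```python
import sqlite3

# Constructed sample data. Table names follow the key terms on this page;
# column names and all values are assumptions for illustration only.
SCHEMA = """
CREATE TABLE ExternalOrgRole (id INTEGER PRIMARY KEY, job_code TEXT);
CREATE TABLE ExternalOrgZone (id INTEGER PRIMARY KEY, location_code TEXT);
CREATE TABLE AccountExternalOrgRoleExternalOrgZone (account TEXT, role_id INTEGER, zone_id INTEGER);
CREATE TABLE OrgRoleExternalOrgRole (business_role TEXT, role_id INTEGER);
CREATE TABLE OrgZoneExternalOrgZone (location TEXT, zone_id INTEGER);
INSERT INTO ExternalOrgRole VALUES (1,'JC-1040'),(2,'JC-2210'),(3,'JC-9999');
INSERT INTO ExternalOrgZone VALUES (1,'LOC-BER'),(2,'LOC-NYC');
INSERT INTO AccountExternalOrgRoleExternalOrgZone VALUES
  ('hr:1001',1,1),('hr:1002',2,2),('hr:1003',3,2);
INSERT INTO OrgRoleExternalOrgRole VALUES ('Accountant',1),('Help Desk Technician',2);
INSERT INTO OrgZoneExternalOrgZone VALUES ('Berlin',1),('New York',2);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def resolve(db, account):
    """Return (Business Role, Location) pairs for an account; None marks a missing mapping."""
    rows = db.execute("""
        SELECT rm.business_role, zm.location
        FROM AccountExternalOrgRoleExternalOrgZone a
        LEFT JOIN OrgRoleExternalOrgRole rm ON rm.role_id = a.role_id
        LEFT JOIN OrgZoneExternalOrgZone zm ON zm.zone_id = a.zone_id
        WHERE a.account = ? ORDER BY 1, 2""", (account,))
    return rows.fetchall()

def unmapped_assignments(db):
    """External assignments that cannot be fully translated, for review before provisioning."""
    rows = db.execute("""
        SELECT a.account, r.job_code, z.location_code
        FROM AccountExternalOrgRoleExternalOrgZone a
        JOIN ExternalOrgRole r ON r.id = a.role_id
        JOIN ExternalOrgZone z ON z.id = a.zone_id
        LEFT JOIN OrgRoleExternalOrgRole rm ON rm.role_id = a.role_id
        LEFT JOIN OrgZoneExternalOrgZone zm ON zm.zone_id = a.zone_id
        WHERE rm.business_role IS NULL OR zm.location IS NULL
        ORDER BY a.account""")
    return rows.fetchall()

if __name__ == "__main__":
    db = build_db()
    print(resolve(db, "hr:1001"), unmapped_assignments(db))
```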