You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Prepare Data Model Mapping File

In EmpowerID, a Data Model Mapping file serves as a blueprint for transferring data between delimited flat files and the EmpowerID Data Model. This CSV-formatted file defines how each column in a delimited file corresponds to specific attributes within the EmpowerID Data Model.

For outbound operations, the mapping file indicates which EmpowerID Data Model attributes should be exported into specific columns in the flat file. Conversely, the file identifies which columns from the delimited flat file should be imported into corresponding attributes within the EmpowerID Data Model for inbound operations.

For example, you may export the 'BirthDay' attribute from EmpowerID into the 'Date_of_Birth' column in a flat file. Similarly, you can import data from the 'Date_of_Birth' column back into the 'BirthDay' attribute in the EmpowerID database.

The Data Model Mapping file must be in CSV format.

Download Sample Files

For your convenience, we have included a sample model mapping file and a CSV file containing data that you can use to test the Flat File connector. These resources can serve as a starting point to help you better understand how the file works, and you can modify them as per your specific needs. Please feel free to download and customize the files as needed.

Description

Download (Click on the file below)

Description

Download (Click on the file below)

This CSV file contains a dataset with fictional information about HR Data, such as individual names, unique identifiers, employment details, and more.

Please use this CSV file as a source file for user data when testing the flat file connector.

 

This CSV file is an example mapping file that shows how data from external sources can be synchronized with corresponding attributes in the EmpowerID identity management system. Each row in the file represents a mapping between data fields and EmpowerID attributes and includes details such as synchronization direction, priority, and other relevant information.

Please use this file as a 'Data Model Mapping File' to test the flat file connector.

 

Understand Attributes for Model Mapping

The data mapping file consists of various attributes or columns, each of which has a specific meaning concerning data synchronization with the flat file connector. The mapping file should provide the corresponding values for each attribute. If the values are correct, then the data will synchronize accurately between the data file and EmpowerID, or vice versa. Let’s explore the necessary attributes of the mapping file,

Attributes (Column Names)

Description

Attributes (Column Names)

Description

ObjectAttributeName

This column represents the EmpowerID Object Attribute Name stored in the EmpowerID data model, such as ObjectAttributeName, EmployeeID, ExtensionAttribute1, FirstName, LastName, LogonName, OrgUnit.

PersonSecurityBoundaryAttributeName

The PersonSecurityBoundaryAttributeName attribute represents the person security boundary attribute of the security boundaries and must be specified for all attributes listed in the ObjectAttributeName column. For example, Login is the PersonSecurityBoundaryAttributeName for the LogonName ObjectAttributeName and ManagerPersonID for Manager.

SystemSecurityBoundaryAttributeName

The values in this column represent the attributes associated with system security boundaries and correspond to the column names in the Flat Files. Specifically, the SystemSecurityBoundaryAttributeName is the column name you should look for in the data file.

RbacObjectName

An RBAC object name refers to an entity within EmpowerID, such as an Account ExternalOrgZone or ExternalOrgRole. Please provide a value from these options.

RbacObjectAttributeName

This column represents the EmpowerID RbacObjectAttributeName such as ValidUntil, Company, CostCenter, Department, DepartmentNumber, EffectiveStartDate, EmployeeID, ExtensionAttribute1, ExtensionAttribute2, ExtensionAttribute3, ExtensionAttribute4.

SyncDirection

This column represents the data synchronization or transfer direction between EmpowerID and external systems. The possible values are Inbound, Outbound, and Bidirectional. It is important to note that even if a connector is bidirectional, a specific property may have an outbound sync direction. This means that the connector can act bidirectionally for all other attributes but will be outbound for a particular attribute.

Priority

This column represents the priority of the security boundary. This is an optional field; you can leave it empty.

MaxLength

This property refers to the maximum length or size allowed for a data field or string. This is an optional field; you can leave it empty.

SyncAttributeHandlerAssembly

The SyncAttributeHandlerAssembly property refers to the assembly responsible for attribute handling. This is an optional field; you can leave it empty.

SyncAttributeHandlerType

This column represents the type of synchronization handler used. This field is optional.

AttributeFlowAssembly

This column represents the assembly that manages attribute flow within EmpowerID and external systems. This field is optional.

AttributeFlowType

This column represents a system's different types or modes of attribute flow. This field is optional.

 

Gather Values for Model Mapping Attributes

It is important to ensure that the attributes of columns in the mapping file are accurately defined to match the specific attribute required for model mapping. To achieve this, you can customize the sample data mapping file by providing the appropriate values for each attribute. Alternatively, you can create your own CSV data mapping files that contain the required attributes.

However, it is essential to note that the column headers must have fixed names that represent specific attributes to enable the flat file connector to function correctly. Additionally, you need to identify the values that correspond to each attribute and ensure that they are accurately defined to achieve efficient model mapping. You can follow two approaches to generate and fill the model mapping file.

  1. Run SQL query that generates all the attributes for model mapping and their values. You can export the results to a CSV file and then ensure that you specify the correct SecurityBoundaryAttributeName values and flow direction. Find more information in the section below Find Attribute Values using SQL Query.

  2. Download and use the sample file. Find the right values for the attributes from the EmpowerID UI. Find more information in the section below Find Attribute Values using EmpowerID UI.

Follow the instructions below to

Find Attribute Values using SQL Query

To populate all attribute values for model mapping, execute the SQL query and save the results in CSV format. Please note that the query will return all available attributes, so make sure to remove any unnecessary ones.

--------- WITH NumberedRows AS ( SELECT *, ROW_NUMBER() OVER (PARTITION BY [ObjectAttributeName] ORDER BY (SELECT NULL)) AS rn FROM [EmpowerID].[dbo].[AccountStoreObjectAttributeSyncView] ) SELECT [ObjectAttributeName] ,[RBACObjectAttributePersonName] as "PersonSecurityBoundaryAttributeName", [SecurityBoundaryAttributeName], [RBACObjectAttributePersonName] as "RbacObjectAttributeName", [AttributeSyncTypeName] as "SyncDirection", [AttributeFlowAssembly], [AttributeFlowType] FROM NumberedRows WHERE rn = 1

Please ensure that you specify the correct SecurityBoundaryAttributeName values and flow direction in the CSV files you have generated.

Find Attribute Values using EmpowerID UI

Please use these instructions to find attribute values for model mapping of the Flat File Connector in EmpowerID UI.

Find ObjectAttributeName

The mapping file should begin with ObjectAttributeName. Follow the steps below to obtain the necessary values for ObjectAttributeName.

  1. Log in to EmpowerID with the necessary permissions.

  2. Navigate to Admin → Application and Directories → Manage Schema

  3. Click on the Security Boundary Attributes tab.

  4. Click on the down arrow on the search textbox to open the advanced search options.

  5. Let's find the Object Attribute we need. To do this, select the Security Boundary Type and click on Search. A quick way to locate the object attributes is by searching using the Security Boundary Type. For example, if you need to write the LOCAT attribute to the flat file and know it comes from SAP-HR, you can narrow down the results by filtering using the same Security Boundary Type.

     

     

  6. When importing or exporting data, knowing the attributes of the object field you're interested in is important. Add the required attribute to the "ObjectAttributeName" column to map the attributes correctly in the mapping file. For instance, if you need to import or export the "LOCAT" field, you should look for its object attribute, which is "StreetAddress3". To map the attribute correctly, you should write "StreetAddress3" in the mapping file's " ObjectAttributeName " column.

Find PersonSecurityBoundaryAttributeName

In the previous section, we learned how to identify the ObjectAttributeName. The mapping file has an additional column for the PersonSecurityBoundaryAttributeName, which must be provided for all attributes listed in the ObjectAttributeName column. To find the PersonSecurityBoundaryAttributeName, follow the instructions below.

  1. Navigate to Admin → Application and Directories → Manage Schema

  2. Click on the Security Boundary Attributes tab.

  3. Click on the down arrow on the search textbox to bring advanced search options.

  4. Change the Security Boundary Type to EmpowerID, provide the ObjectAttribute Name you are looking for, and click on Search. In the screenshot below, we are searching for StreetAddress3.

     

     

  5. Update the mapping file with PersonSecurityBoundaryAttributeName, like StreetAddress3.

Find SystemSecurityBoundaryAttributeName

The SystemSecurityBoundaryAttributeName values are the column headers of the Flat Files. Please specify the appropriate headers for the connector to import the fields from the Flat Files into the corresponding fields in EmpowerID.

 

 

 

 

 

 

 

 

 

Find RbacObjectName

An RBAC object name refers to an entity, i.e., a database table within EmpowerID, such as an Account ExternalOrgZone or ExternalOrgRole. Please provide a value from these options.

Find RbacObjectAttributeName

RbacObjectAttributeName is the column name in the RbacObject Name table specified earlier. Follow the steps below to find the list of RbacObjectAttributeName information.

  1. Navigate to Admin → Application and Directories → Manage Schema.

  2. Click on the RbacObjectAttribute tab.

  3. Click on the down arrow on the search textbox to bring advanced search options.

  4. To filter all Account object attributes, type "Account" in the ComponentName and click the Search button. You can also enter a name to find attributes with a similar name. If there is no similar attribute in the Account RbacObject, an ExtensionAttribute or a CustomAttribute can be used.

     

  5. Identify the attribute name and add it to the mapping file. For example, "StreetAddress3" is an attribute for the above account.

 

Determine SyncDirection

Specify the direction of data synchronization or transfer between EmpowerID and external systems. The possible values are Inbound, Outbound, and Bidirectional. It is important to note that even if a connector is bidirectional, a specific property may have an outbound sync direction. This means that the connector can act bidirectionally for all other attributes but will be outbound for a particular attribute.

Inbound

Use inbound mode to sync an attribute from the external system into EmpowerID.

Outbound

With Outbound mode, attribute changes in EmpowerID will be synced into specified columns of flat files.

Bidirectional

Bidirectional mode synchronizes attributes from the External system into EmpowerId and vice versa using flat files.

Review and Complete Model Mapping File

After preparing and completing all attributes and values in your model mapping file, conduct a thorough review to ensure no missed steps or information. Check common areas such as:

  • Ensure that all attributes and values in the file are complete and accurate.

  • Verify that there are no spaces or special characters in the column names and attributes.

  • Confirm that the SystemSecurityBoundaryAttributeName values are exactly the same as the column headers in the Flat Files.

  • Double-check that the SyncDirection is correctly specified and has valid values.