Scheduled Connector Jobs

Owned by Phillip Hanegan
Oct 11, 2021
3 min read

EmpowerID has six main jobs that run on a schedule for resource systems. Not all of these apply to all system types, and each can be scheduled per resource system.

  1. Inventory

    • The Inventory job runs on a configurable, scheduled basis for each connected resource system to retrieve user, group, and other important identity-related information from those systems. Initial inventory information is stored in the EmpowerID Identity Warehouse, where it is managed and synchronized with information in those systems. Changes occurring in the system are retrieved during each subsequent job run.

  2. Membership (Group Membership Reconciliation)

    • The Group Membership Reconciliation job evaluates the current "as is" membership of groups versus the "should be" state of membership, based on dynamic RBAC assignments of the "Member" Access Level in EmpowerID. This job is scheduled per resource system or account store.

  3. Rights Enforcement (Enforcement)

    • The Rights Enforcement job adds or removes native permissions for resources in external systems based upon the current state of RBAC delegations. The actual granting or revoking of rights for external systems can result in calls to other agents in order to complete the action. This Job is scheduled per resource system or account store.

  4. Rights Inventory

    • The Rights Inventory job adds or removes native permissions for resources in external systems based upon the current state of RBAC delegations. The actual granting or revoking of rights for external systems can result in calls to other agents in order to complete the action. This Job is scheduled per resource system or account store.

  5. Resource Role Reconciliation (Projection)

    • The Resource Role Reconciliation job manages the membership of EmpowerID Resource Role groups (RRGs). It determines who should currently be a member of those RRGs and then modifies the membership to match. This job is scheduled per resource system or account store.

  6. Deleted Object Detection

    • Deleted Object Detection is a configurable setting applicable to Active Directory account stores. The setting specifies whether EmpowerID is to inventory the deleted objects container of the external system. If you will be managing an Active Directory Domain, the proxy account used to connect EmpowerID to the domain must be able to access the deleted items container in AD. Access to the Deleted Items container requires Domain Admin access unless the container security is edited to allow non-domain admins to read it.

To access the complete list of jobs in the EmpowerID UI, navigate to:

Infrastructure Admin → EmpowerID Servers and Settings → EmpowerID Servers and select the Server Jobs tab.

 

To manage the activation/deactivation of the specific job functionality for a particular account store or resource system, navigate to the account store management page under the Admin navigation node and edit one of the account stores as shown below:

Editing the Resource System for an Account Store shows the Jobs and their schedules

 

 

For a job to run for a Resource System, the settings must be enabled on the Resource System, and the corresponding jobs must be assigned to a server role in use by a running Worker role container.

Related Docs Topics:

Jobs