One of the key concepts for understanding EmpowerID is its Identity Warehouse, sometimes known as the Identity and Entitlement Warehouse. This is the primary database of EmpowerID and stores all major data, including configuration and policies; major EmpowerID objects such as Person and Roles; the inbox and outbox queues used to stage detected changes and outbound changes between EmpowerID and managed systems; and the tables holding the inventoried objects and their data from external managed systems.
Outline
SQL - x tables, views, and stored procedures
Components - mainly exposed views and their methods via REST API and C# in Workflow Studio
Components can be extended
Custom REST API can be created in WF Studio - hosted in EID or as Microservices
Primary to understanding are the Person, Account, and Account store Identity Entry
EID balances live immediate actions with background queue-based jobs
Core Identity – single entity per human or IoT
Person — core identity can be the owner of other person objects
OrgRole — Business Role always assigned in conjunction with an Organizational Location
OrgZone — Organizational Location / Business Context always assigned in conjunction with a Business Role
Polyarchical RBAC — Business Roles and Locations are both hierarchical trees. People are assigned to one or more Business Roles, each for a specific Location/Context. This polyarchy dramatically reduces the number of roles and eliminates role bloat.
Company — people belong to companies via their Business Role and Location assignments
Personas — a person's core identity can be linked to multiple sub-person objects, which are the professional identities, i.e. the ones with the business information attached
AccountStore – represents a directory or user store
ProtectedApplicationResource – represents an application
Account – user or HR record in an external directory/application
Group – group or application role in an external directory/application
GroupAccount – membership of user records in groups in external directories/applications
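The Polyarchical RBAC entry above, worked through as an added example (illustrative Python, not EmpowerID code or its schema). The role and location names, the sample grants, and the rule that a grant flows down both trees are assumptions made for the illustration.

```python
# Illustrative model only; names and inheritance semantics are assumptions.

# Each tree is stored as child -> parent (None marks the root). Constructed data.
ROLE_PARENT = {
    "Employee": None,
    "Engineer": "Employee",
    "Developer": "Engineer",
    "Accountant": "Employee",
}
LOCATION_PARENT = {
    "World": None,
    "Europe": "World",
    "Berlin": "Europe",
    "Boston": "World",
}

def ancestors_and_self(node, parent_of):
    """Return node plus every ancestor up to the root; unknown nodes raise."""
    chain = []
    while node is not None:
        if node not in parent_of:
            raise KeyError(f"unknown node: {node}")
        chain.append(node)
        node = parent_of[node]
    return chain

def covers(grant, assignment):
    """Assumed rule: a grant on (role, location) flows down both trees."""
    g_role, g_loc = grant
    a_role, a_loc = assignment
    return (g_role in ancestors_and_self(a_role, ROLE_PARENT)
            and g_loc in ancestors_and_self(a_loc, LOCATION_PARENT))

def effective_grants(assignments, grants):
    """Names of grants reached by any of a person's (role, location) pairs."""
    return sorted({name for name, target in grants.items()
                   for a in assignments if covers(target, a)})

def role_counts():
    """(nodes in the two trees, flat roles needed for every combination)."""
    return (len(ROLE_PARENT) + len(LOCATION_PARENT),
            len(ROLE_PARENT) * len(LOCATION_PARENT))

GRANTS = {  # constructed sample policies: name -> (role, location)
    "vpn-access": ("Employee", "World"),
    "source-repo": ("Engineer", "Europe"),
    "ledger": ("Accountant", "Boston"),
}
```

With four roles and four locations, the two trees hold 8 nodes where a flat model would need 16 combined roles, and the gap widens as either tree grows.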