Connecting to External Systems

EmpowerID Process and Integration Solution Architecture

 

The below steps provide an explanation of the different steps in the process and integration capabilities.

  1. EmpowerID receives authoritative identity and attribute inputs for employees typically from one or more HR systems. Connections to these systems are facilitated through our connector framework utilizing the most effective access methods for the connected system.

  2. Automated processing jobs evaluate the incoming identity data.  The Account Inbox process evaluates the accounts to either join to a person or create a new managed person identity in the system.  Role/Location processes evaluate the attributes that are used to determine and set the business role and location that a person should be assigned to.  Attribute sync processes reconcile attribute changes that have been discovered and flow these changes from the account to the person identity based on configured attribute flow rules.

  3. Various processes manipulate the person identity and set role assignments as attribute and role data from the source systems triggers role changes, status changes, terminations and policy changes.  Exception requests are recorded and processed based on access and approval policies that enforce governance rules.  Compliance rules and policies provide for risk mitigation and recertification processing.  Role-Based, Policy-Based, and Attribute-Based, Access Control (RBAC, PBAC, ABAC) processes will determine target system group and role memberships that need to be provisioned or de-provisioned based on role assignments, whether birthright, exception requested, or compliance processing.

  4. Provisioning policies within the EmpowerID system determine the target systems and scope of the identities to be provisioned or de-provisioned in target systems.  Membership reconciliation, projection, and enforcement jobs process group membership changes to target systems.  Dynamic Hierarchy policies create and populate dynamic groups and memberships based on policy definitions.

  5. Changes processed by the outbound processes are written to the target systems via the connector framework using the methods defined in the connector libraries.  Failed writes are re-tried on the next update cycle to ensure data remains up to date. 

  6. Inventory jobs read current state data from the target systems and reconciles with the data in the identity warehouse to maintain synchronization with the external system. 

 

Related Docs Topics:

Getting Started with Directory Systems