Skip to main content

EmpowerID Guided Lab 7: Account Inbox Configuration

Purpose

This lab guides you through configuring and verifying identity lifecycle settings for provisioning managed Person objects from HR system workers, joining Active Directory (AD), and Entra ID accounts to those Person objects, and enabling the account inbox process.

Prerequisites

  1. Access to the EmpowerID training environment.
  2. Knowledge of the identity lifecycle configuration settings.
  3. A modern web browser.

Steps

1. Configure Identity Lifecycle Settings

  1. Navigate to Admin > Identity Lifecycle > Lifecycle Settings.
  2. Ensure the following settings:
    • Turn off the "Join by Employee ID" option.
      • This prevents conflicts between records with the same Employee ID but different names.
    • Enable "Join by Employee ID and First Name/Last Name".
  3. Leave other settings as default.
  4. Save the configuration.

2. Enable the Account Inbox Permanent Workflow

  1. Navigate to Infrastructure Admin > EmpowerID Servers and Settings > Permanent Workflows.
  2. Locate the Account Inbox workflow and open it.
  3. Note the assigned workflow: Account Inbox Bulk.
  4. Enable the workflow by editing its status and saving the changes.

3. Adjust Workflow Parameters

  1. Navigate to Admin > Workflows > Low Code Workflows.
  2. Search for and open Account Inbox Bulk.
  3. Edit the Reprocess Interval parameter:
    • Default: 400 minutes (6.5 hours).
    • Adjust to 20 minutes to speed up processing for the lab.
    • Save the configuration.
  4. Note: After initial processing, revert the interval to its default to avoid unnecessary reprocessing.

4. Verify the Account Inbox Workflow

  1. Return to Infrastructure Admin > Permanent Workflows.
  2. Confirm that the Account Inbox workflow is enabled and assigned to an EmpowerID server.
  3. Monitor the workflow status to ensure it is actively running.

5. Monitor and Verify Processing

  1. Navigate to Identity Lifecycle > Account Inbox.
  2. Observe the following:
    • Ignored Records: Initially, many AD and Entra ID records may be flagged as ignored because Person objects from the HR system are not yet provisioned.
    • Pending Records: The system processes records in chunks. Pending records will transition as processing continues.
    • Provisioned Records: Verify that HR system records are creating Person objects.
  3. Use filters to view:
    • Provisioned Records: Confirm that Person objects are being created for HR system records.
    • Ignored Records: Check that AD and Entra ID records are reprocessed after Person objects are provisioned.

6. Validate Results

  1. Search for specific Person objects created from HR system records (e.g., by name or Employee ID).
  2. Confirm that:
    • AD and Entra ID records are joined to the corresponding Person objects after reprocessing.
    • The number of processed records matches expected totals (e.g., 137 provisioned, 139 ignored).
  3. Monitor the workflow to ensure all records are processed as expected.

Notes

  • The reduced reprocess interval (20 minutes) helps speed up lab activities. Revert it to the default after completing the lab to avoid excessive processing cycles.
  • "Ignored Records" are typically reprocessed once their dependencies (e.g., Person objects) are created.
  • Use filters in the Account Inbox to verify specific record statuses and investigate any discrepancies.

Completion

Once all records are processed and provisioned, and AD and Entra ID accounts are joined to the Person objects, this lab is complete. Proceed to the next lab to explore additional configurations and workflows in EmpowerID.

Video Walk-thru

View a video walk-thru of this lab exercise.