Skip to main content

EmpowerID Admin Lab 8 - Dynamic Hierarchy for Roles and Locations

Purpose

This lab guides you through creating dynamic hierarchy policies to generate business roles and locations from HR flat file data and enabling the necessary processes to establish these roles and locations.

Prerequisites

  1. Access to the EmpowerID training environment.
  2. The HR worker flat file configured as an account store.

Steps

1. Create a Dynamic Hierarchy Policy

  1. Navigate to Dynamic Hierarchy > Policies.
  2. Click the + button to create a new dynamic hierarchy policy.
  3. Configure the policy as follows:
    • Policy Type: Account Attribute - External Roles and Locations.
    • Policy Name: Enter a descriptive name, e.g., External Roles and Locations.
    • Directory: Select the HR Worker Flat File account store.
  4. Enable Hierarchy Generation and set the intervals:
    • Processing Interval: 5 minutes.
    • Membership Recalculation Interval: 5 minutes.
  5. Define the settings for external business roles and locations:
    • External Business Roles: Use the Job Title attribute.
    • External Locations: Use Division as the parent node and Department as child nodes.
    • Skip the third level.
  6. Save the policy.

2. Verify Server Role Configuration

  1. Navigate to Infrastructure Admin > EmpowerID Servers and Settings > Server Roles.
  2. Locate the All-In-One Server Role and confirm the following jobs are active:
    • Dynamic Hierarchy Generation Job
    • Dynamic Hierarchy Membership Inbox Processor
    • Membership Recalculation Job
    • Dynamic Hierarchy Provision Inbox Processor
  3. Ensure the server role is properly configured to run these jobs.

3. Monitor Dynamic Hierarchy Processing

  1. Navigate to Dynamic Hierarchy > Inbox.
  2. Verify initial processing results:
    • Confirm creation of first-level business roles (e.g., Job Titles) and locations (e.g., Divisions).
    • Check for any errors or pending records.
  3. Wait for the second processing cycle (approximately 5 minutes) to generate the second-level locations (e.g., Departments under Divisions).

4. Validate Role and Location Creation and Associated Mappings

  1. Navigate to Identity Lifecycle > Role and Location Mapper.

  2. On the Role Mapper tab, Filter by the HR Worker Flat File account store to view the external roles in the left side tree view. Then browse the Internal Destination Business Role tree on the right to view the generated EmpowerID Business Roles.

    • Confirm that you can see both the External Roles on the left and the corresponding Business Roles on the right.
    • Click on one of the roles to see the selected node mappings below the tree view. Verify that a mapping exists for the selected role.

  3. On the Location Mapper tab, Filter by the HR Worker Flat File account store to view the external Locations in the left side tree view. Then browse the Internal Destination Location tree on the right to view the generated EmpowerID Business Locations.

    • Confirm that you can see both the External Locations on the left and the corresponding Business Locations on the right.
    • Click on one of the Locations to see the selected node mappings below the tree view. Verify that a mapping exists for the selected Location.
    • Verify hierarchical structure (e.g., Departments under Divisions).

The Dynamic Hierarchy Generation and processing jobs and the Dynamic Hierarchy Membership calculation and processing jobs may need to complete a few times for all the roles, locations, and mappings to be completed. It could take as long as 20-30 minutes to achieve the complete business role and location structure depending on the configuration of the processing intervals.

5. Review Processing History

  1. Navigate to Admin > Applications and Directories > Account Stores and Systems > Job History.
  2. Search for dynamic jobs (e.g., Dynamic Hierarchy Generation Job).
  3. Confirm that:
    • Jobs run successfully without errors.
    • Records progress through processing cycles as expected.

6. Verify Role and Location Membership Assignments

  1. Check mappings of accounts to external roles and locations:
    • Navigate to the Identity Lifecycle --> External Roles and Locations page and select the Account to External Role and Location tab
    • For each peson in the list, there should be an External Role and External Location populated.
    • For each person list Validate that accounts are assigned appropriate roles and locations based on HR data.
  2. Check mapping of External Role and Location assignments to Business Roles and Locations
    • On the Account to External Role and Location tab, each person should have the Primary Business Role and Location populated with a valid role and location assignment.
    • Select the Business Role and Location Recompiler Inbox tab. Verify that the Re-evaluation status is Processed on all the Person Business Role and Location inbox records.
  3. Bring up a person record by clicking on one of the person names. In the Business Roles display of the Roles, Accounts, and Login Security section, verify that the correct business role and location assignment is listed.

Note that if any of these validations are missing, you may need to wait for some additional time for the jobs to run on their individual run schedules.

Notes

  • Dynamic hierarchy processing cycles through levels iteratively. Allow time for processing before validating each level.
  • Review job histories and inbox processing results to troubleshoot issues or delays.
  • For large data sets, processing times may vary. Adjust intervals as needed for testing environments.

Completion

Once all roles and locations are generated, hierarchical mappings are established, and accounts are assigned correctly, this lab is complete. Proceed to the next lab for additional EmpowerID configuration and functionality.

Video Walk-thru

View a video walk-thru of this lab exercise.