EmpowerID Role and Location mappings allow multiple AD or LDAP directory containers to be visually mapped to a logical location (EmpowerID Locations) for unified and easy management and delegation. When a mapping occurs, all the resources or objects located in the directory are assigned to a corresponding EmpowerID Location and can be used when delegating user rights and setting default policy settings.
If you create these mappings before your first inventory, all new people discovered by EmpowerID during the inventory process will be provisioned into EmpowerID Locations (instead of directory locations) and those EmpowerID Locations will be assigned to them as the "Location" portion of their Business Role and Location (BRL). For example, if you have a user named "Barney Smythe" in a London >> Contractors OU and a user named "Chris Emerick" in a London >> Employees OU and you map both of those London OUs to a single London location in EmpowerID, when you turn on your inventory the Location portion of the BRL for both Barney Smythe and Chris Emerick would be the EmpowerID Location and not the AD OUs.
If more than one OU is mapped to an EmpowerID Location, setting the IsPrimary property determines which mapping should be authoritative when used for various policies, such as creating accounts by RET and assigning primary Business Roles and Locations (when the Business Role and Location recalculation option is enabled).
EmpowerID provides the following three methods for mapping locations using Role and Location Mapper:
Simple Drag-and-Drop - Selecting a location from the External Location tree and dragging it onto the EmpowerID Locations tree does not create a new EmpowerID location. It does, however, map the external location to the EmpowerID location onto which you drop it.
From the EmpowerID Management Console, click the EmpowerID logo and select
Role and Location Mapper.
In the EmpowerID RBAC Mapper screen that appears, drag the location in the External Locations tree onto the appropriate node in the EmpowerID Locations tree.
Drag-and-Drop in combination with the CTRL key - Pressing the CTRL key while dragging a location from the External Locations tree onto the EmpowerID Locations tree creates that location, and any children of the location, as EmpowerID locations and correspondingly maps these locations to each other in a one-to-one relationship.
In Role and Location Mapper, press the CTRL key, and while holding the key down drag the OUs containing your users from the
External Locations pane and drop them onto the
All Business Locations node in the
EmpowerID Locations pane. You can drag and drop locations one at a time or you can select a parent node to drag-and-drop the parent and all child nodes under the parent.
The below image shows what the drag-and-drop operation looks like in our environment.
Notice the blue rectangle around the All Business Locations node as well as the plus (+) symbol by the cursor icon. The blue rectangle indicates that the will be mapped to the node, while the plus (+) symbol indicates that EmpowerID locations will be created. If you do not see the blue rectangle or the symbol no mapping will occur.
Click Yes to indicate that you want to create mappings.
EmpowerID creates the EmpowerID locations, mapping the external OUs to those locations. You can view these by expanding the nodes in each locations tree and pressing F4. Doing so will paint green lines on the screen to indicate which EmpowerID locations are mapped to which external locations.
If more than one OU or container is mapped to an EmpowerID location, setting the
IsPrimary property determines which mapping should be authoritative when used for various policies, such as creating accounts by RET and assigning primary Business Roles and Locations. You can set the
IsPrimary property on any mapping by right-clicking the map line and selecting
IsPrimary from the context menu.
Drag-and-Drop in combination with the SHIFT key - Pressing the SHIFT key while dragging a location from the External Locations tree onto the EmpowerID Locations tree does not create any new EmpowerID locations. It does, however, map the selected external location, and any children of the location, to the ONE EmpowerID location onto which you drop it.
SHIFT and drag the OU in the External Location pane on the right of the screen onto the corresponding location in the EmpowerID Locations pane on the left of the screen.
F4 on your keyboard refreshes any mapping relationships on the screen, allowing you to see exactly which external locations are mapped to which EmpowerID Locations. This can be very helpful when dealing with numerous locations.
You can delete mappings by refreshing the mappings and then hovering your mouse over the mapping your want to delete, right-clicking it and selecting Remove Relationship from the context menu.