Skip to main content

About Dynamic Hierarchies

Dynamic Hierarchies in EmpowerID automate the lifecycle management of data-driven, nested groups and roles within your organization. By leveraging authoritative enterprise data sources, the Dynamic Hierarchies engine automatically creates, updates, and removes groups and roles in systems like Active Directory and Azure Active Directory without manual intervention.

Dynamic Group Automation

EmpowerID's Group Management module supports self-service and delegated administration for groups and application roles across multiple systems. Organizations can manage group membership through web-based interfaces and workflows, including automated solutions for complex, data-driven groups that typically require custom scripts or manual maintenance.

These data-driven groups, called Dynamic Groups in EmpowerID, are governed by attribute-based policies that draw data from authoritative systems like HR databases. The Dynamic Group Management module fully automates the lifecycle of these groups—from creation and membership updates to retirement—ensuring consistent group lifecycle management.

Dynamic Hierarchies for Nested Structures

The Dynamic Hierarchies engine focuses specifically on nested groups and roles, making it particularly effective for organizations needing collaboration or email groups structured around their organizational hierarchy. Dynamic Hierarchy policies automatically generate and maintain nested groups for each location, company, division, department, or manager, drawing data from HR, Active Directory, or other authoritative sources.

Common Use Case Example

A typical use case involves creating a group for each company with corresponding departmental groups nested within. As organizational data changes—such as adding a new department or promoting an employee—Dynamic Hierarchies updates the group structure in real time. This hands-off approach ensures that distribution lists and security groups stay synchronized with the organization's current state without manual intervention.

Leveraging Authoritative Data Sources

Dynamic Hierarchies can leverage data from virtually any system in your enterprise through EmpowerID's Identity Governance and Administration (IGA) connectors, which integrate with:

  • Modern cloud systems – Workday, SuccessFactors, UltiPro
  • Traditional on-premises systems – Active Directory, RACF, SAP
  • Custom data sources – Through EmpowerID's extensible connector framework

Using these authoritative sources of user and HR data, EmpowerID enables flexible attribute-based policies that keep group memberships current for collaboration and security purposes, reducing manual group management overhead.

Benefits of Dynamic Hierarchies

  • Full automation – Groups and roles are created, updated, and deleted automatically in response to changes in underlying authoritative data
  • Scalable management – Groups are generated and nested to reflect organizational structure, making them useful for collaboration while reducing administrative effort
  • Improved accuracy – Changes in HR or other source systems (promotions, departmental shifts, reorganizations) are automatically mirrored in corresponding groups and roles
  • Reduced manual effort – Eliminates the need for custom scripts or manual maintenance of complex nested group structures

Policy Types

Dynamic Hierarchy policies support multiple configuration patterns:

  • Single-level attribute groups – Groups based on one, two, or three person attributes
  • Two-level nested groups – Parent and child groups based on two attributes
  • Organization chart groups – Groups based on manager relationships
  • Management roles – Dynamically generated roles based on person attributes
  • External roles and locations – Business roles and locations based on account attributes

Each policy type is designed for specific organizational needs and can be scheduled to run automatically at defined intervals.