Skip to main content

Create One-Level Dual Attribute Group Policies

One-Level Dual Attribute policies dynamically generate groups based on the values of any two specified person attributes, such as State and City. When the policy runs, EmpowerID creates a group for each unique combination of the two attributes and adds people with matching attributes to those groups.

Prerequisites

To create Dynamic Hierarchy policies, you need appropriate permissions to access and configure Dynamic Hierarchies in EmpowerID.

Create a One-Level Dual Attribute Groups Policy

  1. On the navbar, expand Dynamic Hierarchies and select Policies.

  2. Click the Add (+) button. Add button on Dynamic Hierarchy Policies page The Policy Details form opens. Policy Details form

  3. In the General section, configure:

    • Select a Policy Type – Select One level dual attribute groups
    • Name – Enter a name for the policy
    • Description – Enter a description for the policy
    • Directory – Select the account store where the groups are to be created

  4. Configure the Hierarchy Generation schedule.

    View Hierarchy Generation Settings

    • Hierarchy Generation Enabled – Select this option to enable EmpowerID to generate hierarchies from the policy

    • Hierarchy Generation Next Run – Click the field and select the date and time for the next run of the Hierarchy Generation job

    • Hierarchy Generation Schedule – Set the start and end dates for hierarchy generation to occur

    • Hierarchy Generation Interval – Set the interval for the Hierarchy Generation job to process the policy:

      • Once – Hierarchy generation occurs one time

      • Minute Interval – Hierarchy generation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the date and time specified in the Hierarchy Generation Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 minutes, indefinitely.

      • Hour Interval – Hierarchy generation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 hours, indefinitely.

      • Daily – Hierarchy generation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, hierarchy generation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, hierarchy generation occurs daily at the time specified in the Times field.

  5. Configure the Membership Recalculation schedule.

    View Membership Recalculation Settings

    • Membership Recalculation Enabled – Select this option to enable the system to update group membership as specified by the schedule and interval

    • Membership Recalculate Next Run – Set the date and time for the next run of the Dynamic Hierarchy Membership Recalculation job

    • Membership Recalculation Schedule – Set the start and end dates for membership recalculation to occur

    • Membership Recalculation Interval – Set the interval for membership recalculation to run:

      • Once – Membership recalculation occurs one time

      • Minute Interval – Membership recalculation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the date and time specified in the Membership Recalculate Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 minutes, indefinitely.

      • Hour Interval – Membership recalculation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 hours, indefinitely.

      • Daily – Membership recalculation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, membership recalculation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, membership recalculation occurs daily at the time specified in the Times field.

  6. In the Policy Settings section, configure:

    • First Attribute to Group By – Select the first attribute on which to base group membership
    • Second Attribute to Group By – Select the second attribute on which to base group membership
    • Claim Matching Group – Select this option to mark any matching groups already in the system as dynamic hierarchy groups
    • Mail-Enable Groups – Select this option to mail-enable the groups created by the policy
    • Empty Group Action – Select an appropriate action for EmpowerID to take if a group created by the policy has no members
    • Delay Removal of Membership by X Days – Set the number of days EmpowerID waits before removing people who no longer meet the criteria for group membership. This allows people moving between locations to retain access temporarily. If left blank, EmpowerID immediately removes all people no longer meeting the criteria.
    • Group Type – Select the type for the groups being created by the policy
    • Dynamic Hierarchy Naming Convention {Value1}{Value2} – At a minimum enter {Value1} {Value2}. EmpowerID uses these values to dynamically create a separate group for each person or user account meeting the criteria. For example, if you have users in different cities and states, a group is created for each city and state combination.
    • Group Creation Location – Click the Select an OU link and select an OU for the groups. If you do not pick a location, EmpowerID creates groups in the default group creation location selected for the account store.

  7. In the Alerts section, configure notification settings:

    • Create Group Alert Active – Select to send alerts when groups are created
    • Create Group Alert – When active, sends an alert to subscribers when EmpowerID creates a new group from the policy (default: Hierarchy Create Group alert)
    • Delete Group Alert Active – Select to send alerts when groups are deleted
    • Delete Group Alert – When active, sends an alert when EmpowerID deletes a group that was previously created from the policy
    • Membership Change Alert Active – Select to send alerts when group membership changes
    • Membership Change Alert – When active, sends an alert when the membership of a group created by the policy changes (default: Hierarchy Group Membership Changed alert)
    note

    Groups are only deleted automatically when the Empty Group Action is set to Delete and the group has no members.

  8. Click Save.

Results

After creating and running the policy:

  • Groups are automatically created for each unique combination of the two specified attributes
  • People with matching attribute values are automatically added to the corresponding groups
  • As attribute values change in the authoritative source, group memberships are automatically updated
  • Empty groups are handled according to the configured Empty Group Action
  • Configured alert subscribers are notified of group creation, deletion, and membership changes