Skip to main content

Configuring Core Identity

Core Identity automatically links multiple Person objects that represent the same individual based on matching attributes you configure. This is particularly useful when individuals have both standard and privileged accounts (e.g., separate user and administrator identities in Active Directory) that need to be linked for governance and reporting.

Prerequisites

Before configuring Core Identity, ensure:

  • Administrative access to EmpowerID System Settings (Requires SaaS Admin Management Role)
  • Decision on which Person attributes to use for matching (e.g., FirstName + LastName + BirthDate, or Email + EmployeeID). Matching attributes should be consistent across personas and unique enough to avoid false positives.
  • Understanding of when Core Identity linking should occur in your organization (e.g., standard and privileged account scenarios, multi-domain environments)

Configure Matching Rules

  1. Navigate to Infrastructure AdminEmpowerID Servers and SettingsEmpowerID System Settings.

  2. Search for "JoinToCI." Core Identity Settings Four Core Identity configuration settings appear, each representing a different matching strategy.

  3. Select which matching strategy to use based on your organizational needs:

    StrategyMatches OnBest ForSetting Name
    Name + Birth DateFirstName + LastName + BirthDateMost accurate matching when birth dates are reliable and consistently availableJoinToCIByBirthDateFirstNameLastName
    Name OnlyFirstName + LastNameSimpler matching without birth date requirement; suitable for smaller organizations with unique namesJoinToCIByFirstNameLastName
    Custom AttributesComma-separated attribute listFlexible matching based on specific organizational identifiers (e.g., Email, EmployeeID)JoinToCICustomMatchAttributes
    Advanced SQLCustom SQL queryComplex scenarios requiring custom join logic beyond standard attribute matchingJoinToCICustomMatch

  4. Enable the selected matching rule:

    • Locate the setting by name from the table above
    • Click the Edit button
    • Set Enabled to True Edit Rule Setting
    • For Name + Birth Date or Name Only strategies: Confirm the value is true (no additional configuration needed)
    • For Custom Attributes: Enter a comma-separated list of Person attributes in the value field (e.g., Email,EmployeeID,FirstName,LastName)
    • For Advanced SQL: Enter your custom SQL query with join logic in the value field
    • Click Save

    The matching rule is enabled. During the next inventory run, EmpowerID will evaluate Person objects against the configured criteria and create Core Identity links for matching persons.

    Switching Between Rules

    If you are changing from one matching strategy to another, you must first disable the previously used rule by setting its Enabled value to false. This prevents conflicting matching logic. After disabling the old rule, enable the new rule by setting its Enabled value to true.

  5. (Optional) To enable multiple matching rules simultaneously, repeat step 4 for additional rules. Multiple enabled rules will all be evaluated during inventory runs, and persons matching any enabled rule will be linked to a Core Identity.

Automatic Processing

During the next inventory run, EmpowerID:

  • Detects Persons whose attributes match the configured criteria
  • Creates Core Identities automatically
  • Links matching Persons to the Core Identity

In future inventory runs, new Persons with matching attributes are automatically linked to existing Core Identities.

Verify Configuration

After enabling Core Identity matching rules and running an inventory:

  1. Navigate to Identity AdministrationPeople.
  2. Click the Core Identities tab. Core Identities created by the matching rules appear in the list.
  3. Click a Core Identity ID link to view details. Core Identity Search Results The Core Identity details page opens, showing information about the Core Identity and its linked personas. Core Identity View Page

Next Steps

After configuring and verifying Core Identity:

  • Monitor linking during inventory runs – Check the Core Identities tab after each inventory to verify that Person objects are being linked as expected. Review any unlinked personas to determine if matching criteria need adjustment.
  • Review Core Identity concepts – See Understanding the Relationship Between Persons and Accounts for detailed information about how Person objects, Account objects, and Core Identity work together in EmpowerID's identity model.
  • Continue user lifecycle managementOnboard People to create new Person objects. Newly created persons will be automatically evaluated against configured Core Identity matching rules during the next inventory run.