Skip to main content

Create Organization Chart Group Policies

Organization Chart Group policies dynamically generate groups based on organizational management hierarchies. Groups are created for each manager with direct report accounts added as members. The policy can use either EmpowerID Person relationships or the ManagerPersonID value from a connected directory.

info

The Extension Attribute 1 and Extension Attribute 2 values for each group created by a Dynamic Hierarchy policy are internally managed by EmpowerID and should not be altered.

Prerequisites

To create Dynamic Hierarchy policies, you need appropriate permissions to access and configure Dynamic Hierarchies in EmpowerID.

Create an Organization Chart Groups Policy

  1. On the navbar, expand Dynamic Hierarchies and select Policies.

  2. Click the Add (+) button. Add button on Dynamic Hierarchy Policies page

  3. In the General section, configure:

    • Select a Policy Type – Select Organization Chart Groups
    • Name – Enter a name for the policy
    • Description – Enter a description for the policy
    • Directory – Select the appropriate account store

  4. Configure the Hierarchy Generation schedule.

    View Hierarchy Generation Settings

    • Hierarchy Generation Enabled – Select this option to enable EmpowerID to generate dynamic group hierarchies

    • Hierarchy Generation Next Run – Click the field and select the date and time for the next run of the Hierarchy Generation job

    • Hierarchy Generation Schedule – Optionally, click the Start and End fields and select the respective start and end dates for hierarchy generation to occur

    • Hierarchy Generation Interval – Set the interval for the Hierarchy Generation job to process the policy:

      • Once – Hierarchy generation occurs one time

      • Minute Interval – Hierarchy generation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the date and time specified in the Hierarchy Generation Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 minutes, indefinitely.

      • Hour Interval – Hierarchy generation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 hours, indefinitely.

      • Daily – Hierarchy generation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, hierarchy generation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, hierarchy generation occurs daily at the time specified in the Times field.

  5. Configure the Membership Recalculation schedule.

    View Membership Recalculation Settings

    • Membership Recalculation Enabled – Select this option to enable EmpowerID to update group membership as specified

    • Membership Recalculate Next Run – Click the field and set the date and time for the next run of the Dynamic Hierarchy Membership Recalculation job

    • Membership Recalculation Schedule – Optionally, click the Start and End fields and set the respective start and end dates for membership recalculation to occur

    • Membership Recalculation Interval – Set the interval for membership recalculation to run:

      • Once – Membership recalculation occurs one time

      • Minute Interval – Membership recalculation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the date and time specified in the Membership Recalculate Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 minutes, indefinitely.

      • Hour Interval – Membership recalculation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 hours, indefinitely.

      • Daily – Membership recalculation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, membership recalculation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, membership recalculation occurs daily at the time specified in the Times field.

  6. In the Policy Settings section, configure:

    • Use EmpowerID Person Relationship – Select this option to use EmpowerID Person relationships. This generates one Direct Reports group for each manager relationship in EmpowerID, populating each group with users the manager manages.
    • Nest Manager Groups – Select to nest groups for cascading direct reports
    • Mail-Enable Groups – Select to mail-enable the generated groups (requires Exchange)
    • Empty Group Action – Select an appropriate action for EmpowerID to take if a group is empty
    • Group Type – Select the type of group you wish EmpowerID to create
    • Group Creation Location – Click Select an OU and select the OU where EmpowerID provisions the dynamically generated groups

  7. In the Alerts section, configure notification settings:

    • Create OU Alert Active – Select to send alerts when an OU is created based on the policy
    • Create OU Alert – Search for and select the alert to send when an OU is created
    • Create Group Alert Active – Select to send alerts when a group is created based on the policy
    • Create Group Alert – Search for and select the alert to send when a group is created
    • Delete Group Alert Active – Select to send alerts when a group is deleted based on the policy
    • Delete Group Alert – Search for and select the alert to send when a group is deleted
    • Membership Change Alert Active – Select to send alerts when dynamic group hierarchy membership changes
    • Membership Change Alert – Search for and select the alert to send when membership changes
    note

    Groups are only deleted automatically when the Empty Group Action is set to Delete and the group has no members.

  8. Click Save.

Results

After creating and running the policy:

  • Groups are automatically created for each manager in the organizational hierarchy
  • Direct reports are automatically added as members of their manager's group
  • If nesting is enabled, manager groups are nested according to the reporting hierarchy
  • The groups appear in the Dynamic Group Hierarchy inbox (Dynamic Hierarchies > Inbox)
  • The groups are visible on the Find Groups page (Identity Administration > Groups)
  • Group membership updates automatically as reporting relationships change
tip

View people dynamically added to a group by clicking the group's Display Name link and expanding the Resultant Members accordion. View nested group members by expanding the Nested Group Members accordion.