Ownership

What is an Owner?

A Hydden owner represents a person, service, or resource that owns one or more discovered accounts. Owners are either manually created by a user, or automatically generated from discovered accounts by applying the account mapping rules. Each account maps to at most one owner, while a single owner can own multiple accounts across platforms and data sources.

The account mapping rules automatically map each account to an owner based on account type, classification, or attribute (e.g. username, email). Users can also perform manual account mapping to link a disparate account to an owner within Hydden.

Use the Alternative Display Name field to record an additional display name for an owner when mapping accounts.

Use the + Add Owner, Run Mapper, and Delete Unmapped Owners buttons to start the corresponding ownership maintenance workflows.

Account mapping and classification rules feed directly into any data available under the Ownership tab.

The Ownership page is configurable via the Columns option.

Ownership page

Use the Columns button to add or remove columns from your ownership page.

Use the + button to expand a detailed view of the owner. If there is more than one account mapped to the owner, all mapped accounts are listed.

Mapped accounts

To delete an auto mapping, click the mapping in the Auto column to clear it. If Block Remapping is enabled for the data source, the mapping will not be reestablished during the next data collection run.

Owner Types

Each owner is assigned a type that classifies what kind of entity it represents:

| Value | Owner Type | Description |
|-------|------------|-------------|
| 0 | Human | A person (employee, contractor, etc.) |
| 1 | Service | A service or application owner |
| 2 | Resource | A shared resource (mailbox, room, device) |
| 3 | Vault | A vault-managed owner |
| 4 | Other | Any owner that doesn't fit the above types |

Owner Status Lifecycle

Owners support 8 status values that reflect the owner's lifecycle state:

| Value | Status | Description |
|-------|--------|-------------|
| 0 | Active | Currently active in the organization |
| 1 | Inactive | No longer active but not terminated |
| 2 | Prestart | Hired but has not yet started |
| 3 | On Leave | Temporarily away (leave of absence, sabbatical) |
| 4 | Terminated | Employment or contract ended |
| 5 | Retired | Retired from the organization |
| 6 | Suspended | Temporarily suspended |
| 7 | Deceased | Owner is deceased |

Manually Adding an Owner

Purpose: Create a new owner manually when automatic mapping rules do not apply.

  1. Navigate to Configuration | Identify and select Ownership.

  2. Click + Add Owner.

    Add Owner modal

  3. Select an Owner Type from the drop-down. The options are Human, Service, Resource, Vault, or Other. This is a required field and it defaults to Human.

  4. Provide an Owner Identifier (ID), if used in your organization.

  5. Enter a Display Name, Email, Alternative Display Name, and Alternative Emails. Separate multiple alternative names or emails with a semicolon.

  6. Set the Status from the drop-down. The available options are: Active, Inactive, Prestart, On Leave, Terminated, Retired, Suspended, or Deceased. See Owner Status Lifecycle for details.

  7. Provide a Start Date.

  8. If available, provide an End Date.

  9. Enter a Title, Manager, Department, Location, Phone, and Mobile information if available.

  10. Click Add.

Run Mapper

The Run Mapper button executes the account mapping rules against all currently unmapped accounts. This process evaluates each unmapped account against the configured Account Mapping and Owner Creation rules in priority order, mapping accounts to existing owners or creating new owners as configured.

Delete Unmapped Owners

The Delete Unmapped Owners button removes all owners that have no accounts mapped to them. This is useful for cleaning up owners that were created by mapping rules but whose accounts have since been removed or remapped to other owners.

NOTE

This action cannot be undone. Review unmapped owners before deleting.

Block Remapping

When Block Remapping is enabled for a data source, any manual mapping changes (adding or removing account-to-owner mappings) are preserved during subsequent data collection runs. Without this setting, the automatic mapper may re-establish mappings that were intentionally cleared.

Block Remapping is configured per data source in the Data Sources settings.

Owner Import

Hydden provides an option to manually import owners into an organization's tenant.

  1. Navigate to Configuration | Identify.

  2. On the Ownership tab, select Import.

  3. On the Import CSV Identities modal, click Select CSV File to open your computer's file picker and choose the file to upload.

    Identities import modal with file name

  4. When the file name shows in the Import CSV File field, click Import.

Status messages show:

  • whether the import was successful.
  • how many owners were imported or updated.
  • whether the import restored an owner.

Successful identities import and update message example

Failed identities import message example with file containing field errors, like too many commas for column separation in the CSV.

Failed identities import message example - release preview

Imports are also captured in the Audit log:

Audit entry for import activities

Import Template

For the initial manual owner import, only 4 columns are needed in the import file:

  • identity.name
  • identity.email
  • identity.alternativeEmail
  • uniqueId

identity.name is required: the CSV file must specify at least the owner name for a record to be created in Hydden.

Template Download

Use the Identity Import Test file as a template for your manual imports.

Create Your Own File

  1. Copy the following code block.
  2. Paste into a blank file and save as csv.
  3. Edit the contents in any spreadsheet editing program to get started with your organization's manual owner imports.

```csv
identity.name,identity.email,identity.alternativeEmail,uniqueId
My Test Id 1,mytestid1@demo.corp,"[aaa@aaa.com,bbb@bbb.com]",b9da786a-86aa-1613-82a5-a0720d7ac666
My Test Id 2,mytestid2@demo.corp,,862360e1-bfb7-453b-8c47-65196f1670db
My Test Id 3,mytestid3@demo.corp,,
My Test Id 1-new,mytestid1-new@demo.corp,,
,mytestid2-new@demo.corp,mytestid1-new@demo.corp,
My Test Id 4,,,22334455-66554433
,mytestid5-new@demo.corp,,
My Test Id 6,mytestid6-new@demo.corp,,123456
```

With the data in the code block above, the import creates no entry for mytestid5-new@demo.corp or mytestid2-new@demo.corp. Those rows have no identity.name value and are ignored on import.
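
A pre-import check for this CSV layout, as an added example (not Hydden's code and not a description of how Hydden validates files): it reports which rows would be ignored for lacking identity.name and which rows have the wrong number of columns, the "too many commas" case mentioned above. The function names, the exact-header check, and the accepted forms of the alternativeEmail cell are assumptions.

```python
import csv
import io

EXPECTED_HEADER = ["identity.name", "identity.email",
                   "identity.alternativeEmail", "uniqueId"]

# Constructed sample: three rows from the template above plus one row
# (line 5) whose alternative emails are unquoted, producing five columns.
SAMPLE = '''identity.name,identity.email,identity.alternativeEmail,uniqueId
My Test Id 1,mytestid1@demo.corp,"[aaa@aaa.com,bbb@bbb.com]",b9da786a-86aa-1613-82a5-a0720d7ac666
,mytestid5-new@demo.corp,,
My Test Id 6,mytestid6-new@demo.corp,,123456
My Test Id 7,mytestid7@demo.corp,aaa@aaa.com,bbb@bbb.com,777
'''


def split_alt_emails(cell):
    """Assumed cell forms: empty, a single address, or a bracketed [a,b] list."""
    cell = cell.strip()
    if cell.startswith("[") and cell.endswith("]"):
        cell = cell[1:-1]
    return [e.strip() for e in cell.split(",") if e.strip()]


def precheck(text):
    """Return (importable_rows, nameless_lines, malformed_lines)."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        raise ValueError(f"unexpected header: {header!r}")
    importable, nameless, malformed = [], [], []
    for row in reader:
        if not row:  # blank line in the file
            continue
        if len(row) != len(EXPECTED_HEADER):  # stray or missing commas
            malformed.append(reader.line_num)
            continue
        name, email, alt, uid = (c.strip() for c in row)
        if not name:  # per the page, rows without identity.name are ignored
            nameless.append(reader.line_num)
            continue
        importable.append({"name": name, "email": email,
                           "alt_emails": split_alt_emails(alt), "uniqueId": uid})
    return importable, nameless, malformed


if __name__ == "__main__":
    rows, nameless, malformed = precheck(SAMPLE)
    print(f"importable={len(rows)} nameless_lines={nameless} malformed_lines={malformed}")
```

Running the check before upload lets you reconcile the imported/updated counts in the status message and the Audit log entry against what the file was expected to create.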

Imported data based on above example data