Policy associations

 

Use this information to learn about how to use policy associations to describe a relationship between multiple user identities and a single user identity in a user registry.

Enterprise Identity Mapping (EIM) mapping policy allows an EIM administrator to create and use policy associations to define a relationship between multiple user identities in one or more user registries and a single user identity in another user registry. Policy associations use EIM mapping policy support to create many-to-one mappings between user identities without involving an EIM identifier. You can use policy associations instead of, or in combination with, identifier associations that provide one-to-one mappings between an EIM identifier and a single user identity.

A policy association affects only those user identities for which specific individual EIM associations do not exist. When specific identifier associations exist between an EIM identifier and user identities, then the target user identity from the identifier association is returned to the application performing the lookup operation, even when a policy association exists and the use of policy associations is enabled.

You can create three different types of policy associations:

• Default domain policy associations
  This information explains how to establish a mapping relationship for all user identities in the domain.

• Default registry policy associations
  This information explains how to establish a mapping relationship for all the user identities in a single registry.

• Certificate filter policy associations
  This information explains how to establish a mapping relationship for a set of user identities (in the form of digital certificates) in a single X.509 registry.

 

Parent topic:

EIM associations

 

Related concepts

EIM lookup operations