Managing EIM associations

 

Use this information to learn about the different types of associations you can manage with Enterprise Identity Mapping (EIM).

EIM allows you to create and manage two kinds of associations, which define direct or indirect relationships between user identities: identifier associations and policy associations. EIM allows you to create and manage identifier associations between EIM identifiers and their user identities, which allow you to define indirect, but specific, individual relationships between user identities. EIM also allows you to create policy associations to describe a relationship between multiple user identities in one or more registries and an individual target user identity in another registry. Policy associations use EIM mapping policy support to create many-to-one mappings between user identities without involving an EIM identifier. Because both types of associations define relationships between user identities in an enterprise, managing associations is an important element in managing EIM.

Maintaining the associations within a domain is key to simplifying the administrative tasks required to keep track of which users have accounts on the various systems in the network. You need to keep identifier associations and policy associations current when you implement a secure single signon network.

You can perform the following management tasks for associations:

• Creating EIM associations
  There are two different types of EIM associations you can create. You can create either an identifier association or a policy association.

• Adding lookup information to a target user identity
  Lookup information is optional unique identifying data for the target user identity defined in an association. This association can be either an identifier target association or a policy association.

• Removing lookup information from a target user identity
  Lookup information is optional unique identifying data for the target user identity defined in an association. This association can be either an identifier target association or a policy association.

• Displaying all identifier associations for an EIM identifier
  To display all associations for an Enterprise Identity Mapping (EIM) identifier be connected to the EIM domain in which you want to work and have some level of EIM access control to perform this task.

• Displaying all policy associations for a domain
  To display all policy associations defined for a domain, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have some level of EIM access control to perform this task.

• Displaying all policy associations for a registry definition
  To display all policy associations defined for a specific registry, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have some level of EIM access control to perform this task.

• Deleting an identifier association
  To delete an identifier association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have the EIM access control required by the type of association that you want to delete.

• Deleting a policy association
  To delete a policy association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have EIM access control for either Registry administrator or EIM administrator.

 

Parent topic:

Managing Enterprise Identity Mapping