Creating a policy association

 

A policy association provides a means to directly define a relationship between multiple user identities in one or more registries and an individual target user identity in another registry.

Policy associations use Enterprise Identity Mapping (EIM) mapping policy support to create many-to-one mappings between user identities without involving an EIM identifier. Because you can use policy associations in a variety of overlapping ways, have a thorough understanding of EIM mapping policy support before you create and use policy associations. Also, to prevent potential problems with associations and how they map identities, develop an overall identity mapping plan for your enterprise before you begin defining associations.

Whether you choose to create identifier associations, create policy associations, or use a mix of both methods depends on your EIM implementation needs.

How you create a policy association varies depending on the type of policy association. To learn more about how to create a policy association, see:

• Creating a default domain policy association
  To create a default domain policy association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have EIM access control to either EIM administrator or Registry administrator.

• Creating a default registry policy association
  To create a default registry policy association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have EIM access control as either a Registry administrator or EIM administrator.

• Creating a certificate filter policy association
  To create a certificate filter policy association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have EIM access control as either a Registry administrator or EIM administrator.

 

Parent topic:

Creating EIM associations

 

Related concepts

Managing Enterprise Identity Mapping registry definitions