Creating a default registry policy association

 

To create a default registry policy association, be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and have EIM access control as either a Registry administrator or EIM administrator.

A policy association describes a relationship between multiple user identities and a single user identity in a target user registry. You can use a policy association to describe a relationship between a source set of multiple user identities and a single target user identity in a specified target user registry. Policy associations use EIM mapping policy support to create many-to-one mappings between user identities without involving an EIM identifier.

Because you can use policy associations in a variety of overlapping ways, have a thorough understanding of EIM mapping policy support before you create and use policy associations. Also, to prevent potential problems with associations and how they map identities, develop an overall identity mapping plan for your enterprise before you begin defining associations.

In a default registry policy association, all users in a single registry are the source of the policy association and are mapped to a single target registry and target user. When you enable the default registry policy association for the target registry, the policy association ensures that these source user identities can all be mapped to a single specified target registry and target user.

To create a default registry policy association, complete these steps:

1. Expand Network > Enterprise Identity Mapping > Domain Management.

2. Select the EIM domain in which you want to work.

   • If the EIM domain you want to work with is not listed under Domain Management, see Adding an EIM domain to the Domain Management folder.

   • If you are not currently connected to the EIM domain in which you want to work, see Connect to the EIM domain controller.

3. Select Enable mapping lookups using policy associations for domain on the General page.

4. Select Enable mapping lookups using policy associations for domain on the General page.

5. In the Add Default Registry Policy Association dialog, specify the following required information:

   • The registry definition name of the Source registry for the policy association.

   • The registry definition name of the Target registry for the policy association.

   • The user identity name of the Target user for the policy association.

6. Click Help, if necessary, for more details about how to complete this and subsequent dialogs.

7. Optional. Click Advanced... to display the Add Association - Advanced dialog. Specify lookup information for the policy association and click OK to return to the Add Default Registry Policy Association dialog. If two or more policy associations with the same source registry refer to the same target registry, define unique lookup information for each of the target user identities in these policy associations. By defining lookup information for each target user identity in this situation, you ensure that mapping lookup operations can distinguish between them. Otherwise, mapping lookup operations may return multiple target user identities. As a result of these ambiguous results, applications that rely on EIM may not be able to determine the exact target identity to use.

8. Click OK to create the new policy association and return to the Registry page. The new default registry policy association now displays in Default policy associations.

9. Verify that the new policy association is enabled for the target registry.

10. Click OK to save your changes and exit the Mapping Policy dialog.

    Verify that mapping policy support and the use of policy associations for target user registry are properly enabled. If it is not enabled, the policy association can not take effect.

 

Parent topic:

Creating a policy association