Enabling mapping lookup support and the use of policy associations for a target registry

 

Enterprise Identity Mapping (EIM) mapping policy support allows you to use policy associations as a means of creating many-to-one mappings in situations where associations between user identities and an EIM identifier do not exist. You can use a policy association to map a source set of multiple user identities (rather than a single user identity) to a single target user identity in a specified target user registry.

Before you can use policy associations, however, first ensure that you enable mapping lookups using policy associations for the domain. You must also enable one or two settings for each registry:

• Enable mapping lookups for registry Select this option to ensure that the registry can participate in EIM mapping lookup operations, regardless of whether the registry has any policy associations defined for it.

• Use policy associations Select this option to allow this registry to be the target registry of a policy association and ensure that it can participate in EIM mapping lookup operations.

If you do not enable mapping lookups for the registry, the registry cannot participate in EIM mapping lookup operations at all. If you do not specify that the registry use policy associations, then EIM mapping lookup operations ignore any policy associations for the registry when the registry is the target of the operation.

To enable mapping lookups to use policy associations for a target registry, be connected to the EIM domain in which you want to work and have EIM access control at one of these levels:

• EIM administrator

• Registry administrator

• Administrator for selected registries (for the registry that you want to enable)

To enable mapping lookup support in general, and to allow the use policy associations in specific, for a target registry, complete these steps:

1. Expand Network > Enterprise Identity Mapping > Domain Management.

2. Select the EIM domain in which you want to work.

   • If the EIM domain you want to work with is not listed under Domain Management, see Adding an EIM domain to the Domain Management folder.

   • If you are not currently connected to the EIM domain in which you want to work, see Connect to the EIM domain controller.

3. Select User Registries to display a list of registry definitions for the domain.

   If you have Administrator for selected registries access control, the list contains only those registry definitions to which you are specifically authorized.

4. Right-click the registry definition for which you want to enable mapping policy support for policy associations and select Mapping Policy...

5. On the General page, select Enable mapping lookups for registry. Selecting this option allows the registry to participate in EIM mapping lookup operations. If this option is not selected, a lookup operation cannot return data for the registry, regardless of whether the registry is the source registry or the target registry in a lookup operation.

6. Select Use policy associations. Selecting this option allows lookup operations to use policy associations as the basis for returning data when the registry is the target of the lookup operation.

7. Click OK to save your changes.

Before any registry can use policy associations, also ensure that you enable policy associations for a domain.

 

Parent topic:

Managing Enterprise Identity Mapping registry definitions

 

Related concepts

EIM mapping policy support and enablement