Create an identity policy
An administrator can create an identity policy for use by all service types, specific service types, or specific service instances. For example, you can create an identity policy that specifies that a user ID is constructed from the family name of a user and a department number.
IBM Security Identity Manager offers two approaches, basic and advanced, for creating an identity policy. Decide which approach to use. If an identity policy is intended to specify a service instance as a target, that service instance must exist.
You can use the Manage Identity Policies notebook to create an identity policy. Identity policies do not change the user IDs of accounts that already exist; they are applied only when new accounts are created through Security Identity Manager. When you define a new identity policy, services that are already the target of another identity policy are listed on the Add Targets page, but they cannot be selected from the services table. If a target service type is already used by another identity policy, an error message is generated when you save.
To create an identity policy, complete these steps.
- From the navigation tree, select Manage Policies > Manage Identity Policies.
- On the Work With Identity Policies page, in the Identity Policies table, click Create.
- On the Manage Identity Policies page, on the General page, type a name and select a business unit for the identity policy. Optionally, specify a caption that provides additional information about the policy and a description of its purpose. You can also specify keywords for referencing the identity policy and a status: Enabled makes the policy active, Disabled makes it inactive. You can specify the user type to which the identity policy applies, and whether the policy applies to the business unit only or to the business unit and its subunits.
- Click the Targets page. Add one or more services or service types to which the identity policy applies, or specify the policy applies to all service types:
- To specify that the identity policy applies to all service types, select All service types.
- To specify that the identity policy applies to specific service instances:
- Click Add.
- On the Add Targets page, specify your search criteria, and then click Search.
- In the Services table, select a service. To target every service in the list, select the check box at the top of the column. To apply the policy to selected service types or instances, ensure that All service types is not selected; when All service types is selected, you cannot add specific service types or instances.
- Click OK.
- To specify that the identity policy applies to a specific service type:
- Click Add.
- Select a Target type of Service type.
- Select the service type to which you would like the identity policy to apply.
- Click OK.
- On the Manage Identity Policies page, click the Rule page to specify the schema attributes that the identity policy uses to create a user ID.
- To use the basic input mode, which applies a rule built from schema attributes, select Simple - define rule and provide the following details:
- A first attribute, its character limit, and its case handling (existing, upper, or lower)
- (Optionally) a second attribute, its character limit, and its case handling (existing, upper, or lower)
A blank character limit means no limit, and the entire attribute value is used. If the generated user ID already exists when an account is requested, an integer is appended to the user ID and incremented until a unique user ID is found.
- To define the identity policy with JavaScript code, select Advanced - define script. The script field is populated with the default identity policy for the Person user type, which you can edit.
- Click OK to save the changes.
- On the Success page, click Close.
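The rule described in the Simple - define rule step above (two schema attributes, each with a character limit and case handling, then an integer suffix until the user ID is unique), modeled in plain JavaScript as an added example. This is not the product's default identity-policy script. The `subject.getProperty()` and `IdentityPolicy.userIDExists()` calls, the attribute names `sn` and `departmentNumber`, the set of existing user IDs, and the suffix counter starting at 1 are all assumptions made so the block runs offline; in the product, the subject and the uniqueness check are supplied by Security Identity Manager.

```javascript
// Added example: a stand-alone model of the Simple rule on this page.
// `subject` and `IdentityPolicy` are stubs standing in for the objects the
// product provides to a policy script (assumption, not the product's API).

const EXISTING_CASE = 0;
const UPPER_CASE = 1;
const LOWER_CASE = 2;

// Stub for the person being provisioned. Values are returned as arrays
// because directory attributes are multi-valued.
function makeSubject(attrs) {
  return {
    getProperty(name) {
      const v = attrs[name];
      if (v === undefined || v === null) return [];
      return Array.isArray(v) ? v : [v];
    },
  };
}

// Stub for the uniqueness check. `existing` is a constructed list of IDs
// already in use; the comparison is case-insensitive (assumption) because
// most target systems treat user IDs that way.
function makeIdentityPolicy(existing) {
  const used = new Set(existing.map((s) => s.toLowerCase()));
  return {
    userIDExists(id) {
      return used.has(id.toLowerCase());
    },
  };
}

// Apply one attribute rule: first value only, truncated to `limit`
// characters (blank or 0 = whole value), then the case rule.
function applyRule(subject, rule) {
  if (!rule || !rule.attr) return "";
  const values = subject.getProperty(rule.attr);
  let v = values.length > 0 ? String(values[0]).trim() : "";
  if (rule.limit && rule.limit > 0 && v.length > rule.limit) {
    v = v.substring(0, rule.limit);
  }
  if (rule.caseMode === UPPER_CASE) v = v.toUpperCase();
  else if (rule.caseMode === LOWER_CASE) v = v.toLowerCase();
  return v;
}

// Build the user ID: concatenate both rules, then append 1, 2, 3, ...
// until the candidate is not in use. A policy that yields an empty base
// is rejected rather than silently producing IDs like "1", "2", ...
function createIdentity(subject, identityPolicy, first, second) {
  const base = applyRule(subject, first) + applyRule(subject, second);
  if (base.length === 0) {
    throw new Error("identity policy produced an empty user ID");
  }
  let candidate = base;
  let counter = 1;
  while (identityPolicy.userIDExists(candidate)) {
    candidate = base + counter;
    counter++;
  }
  return candidate;
}

// Worked run on constructed data: family name (first 5 characters, lower
// case) followed by the department number (whole value, existing case).
function exampleRun() {
  const subject = makeSubject({ sn: "Smithson", departmentNumber: "12" });
  const policy = makeIdentityPolicy(["smith12", "smith121"]);
  return createIdentity(
    subject,
    policy,
    { attr: "sn", limit: 5, caseMode: LOWER_CASE },
    { attr: "departmentNumber", limit: 0, caseMode: EXISTING_CASE }
  );
}
```

The worked run yields `smith122`: `smith12` and `smith121` are taken, so the counter advances until a free ID is found. Note the side effect the page's uniqueness rule has when the second attribute is numeric: `smith12` plus suffix `1` is indistinguishable from `smith1` plus department `21`, so if your identity policy ends in a number, consider a separator or a fixed-width suffix in the advanced script.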
Parent topic: Identity policies