Identity feed planning

Planning is required before populating IBM Security Identity Manager with users by importing the identity records from a human resources repository or from other sources. An identity feed is the process of loading identity records into ISIM.

The following identity feed tasks are basic:

  1. Prepare the person data for the initial identity feed.

    Determine the best authoritative data sources, such as the human resources (HR) repository. We determine what information to use as the required attributes of a person. For example, data that indicates the title of a person might be required to correctly assign a role to that person as an ISIM user. Minimally, ISIM requires the following information to manage an identity.

    • Common name (LDAP CN)
    • Last name (LDAP SN)

    Planning also needs to anticipate the effect of missing information in the user record. If the record that we feed into ISIM does not include an email address for the user, the user does not receive a password for a new account in an email. The user then must either call the help desk or contact the manager.

  2. Determine the format to use to load the data. For example, we might populate ISIM people registry by reconciling with one of the following formats:

  3. Create a service for the selected data format.

  4. If necessary, adjust an identity policy to use in reconciling the repository identity records.

  5. Reconcile the service to load the identity information.

    After the initial identity feed is completed, ensure that all the identities are loaded correctly. We might see inconsistencies in person and account data. The amount of cleanup depends on how well the organization prepares the identity data for the initial load.

  6. When the initial reconciliation completes successfully, create accounts on the resources that the organization wants to manage with ISIM.

Parent topic: People planning