Logical Connector - Tiers Tab

This section contains the information that this connector uses to build the relationships between the tier applications that make up a logical application. For an identity to have an account on a logical application they must have the required, matching accounts on all tier applications. For example an identity, Lori Ferguson, might be represented by the attribute dbid on one tier and username on another. You must correlate those attributes, either manually or with a correlation rule, to create accounts on the logical application.

Add Tiers to a Logical Application

You must define the tier applications that are contained within the logical application and identify the application to be used as the primary tier application.

Select the application from the Select an Application drop-down list and select Add Tier. Select the arrow to right of the field to display all applications configured to work with IdentityIQ or type the first few letters of an application name to display a list of applications with names containing that letter string. You can add as many applications as required.

Specify the primary tier application by selecting it in the Primary Tier column. The primary tier application is the application containing all of the attributes to which the attributes on the other tiers will correlate. Every account on the logical application must have an account on the primary tier application. In some instances this might be a human resources application containing all of the identities. A logical application can only have one primary tier application.

Select the application using the selection boxes in the left-most column and select Remove Selected.

Correlate Tier Application Attributes

Use the logical application tier attribute mapping, or correlation, panel to either manually map attributes for correlation or assign an existing correlation rule. For an identity to have an account on a logical application they must have the required, matching, accounts on all tier applications. Map the attributes on each application that should have matching values.

  1. Select a non-primary tier application in the application list. The selected application is highlighted and any mapped correlation attributes are displayed in the attribute correlation panel.
    If you select the primary tier application a note is displayed stating that no correlation is required on the primary tier.

  2. Select Add Attribute to display a row in which to add the new attribute.

  3. Select on the row to activate either the Tier Attribute or Primary Tier Attribute field.

  4. Select an attribute from the drop-down list in both columns.

  5. Select Save Changes or continue mapping attributes for the applications.

Open the Use Correlation Rule panel and select a rule from the Correlation Rule drop-down list. The rule should contain all of the attribute mapping required for this logical application.

The Tiers tab contains the following information:

Select an existing account rule from the drop-down list.

The logical application rule defines the requirements that must be met before an identity is assigned an account on this logical application.

Note
Select the "..." icon to launch the Rule Editor to make changes to your rules if needed.

Select an existing provisioning rule from the drop-down list.

The logical provisioning rule defines how provision requests for the logical application account or any of the accounts with which it is comprised are handled.

Note
Select the "..." icon to launch the Rule Editor to make changes to your rules if needed.

The tier applications that make up the logical application.

Designate one tier application as the primary tier application. The primary tier application is the application containing all of the attributes to which the attributes on the other tiers will correlate. Every account on the logical application must have an account on the primary tier application. In some instances this might be a human resources application containing all of the identities in IdentityIQ.

A logical application can only have one primary tier application.

Attributes from the selected tier application whose values must match the values of the associated attributes from the primary tier application.

Attributes on the primary tier application to which the attribute values from the tier applications must match.

Use account matching to select attributes and permissions from existing application tiers as the parameters for your logical application. This panel contains the following:

  • Application Items — Select Add Attribute to include application attributes in your account matching parameters. Select Add Permission to include application permissions in you account matching parameters.

  • Operation — Choose the AND / OR operator to include multiple attributes / permissions.

  • Type — Indicates either Attribute or Permission.

  • Application — Indicates the application from which the attribute or permission is being matched.

  • Name — Select an attribute from the drop-down list or input the permission name into the field.

  • Value — Input the value of the attribute or permission.

  • Group/Ungroup/Delete Selected — Use the checkbox to select line items on which to perform the respective action.