Configuring the Schema
The Configuration > Schema tab is used to define the attributes for each object type in the application being configured. Use the following fields to define attributes for use with the IdentityIQ application.
Note
Fields marked with an asterisk (*) are required fields.
See Schema Attributes for a complete list and description of supported attributes.
For Object Type: account:
Native Object Type*
LDAP default types are iNetOrgPerson and groupOfUniqeNames for groups.
The type of object with which the attributes are associated. For example, User and Group for Active Directory LDAP or DBA_USER and DBA_ROLES for Oracle.
Identity Attribute*
Do not change the identity attribute on connectors with pre-defined schema.
The attribute that is used by the IdentityIQ application to identify the object.
Display Attribute
The attribute that is used as the object name as it appears throughout the IdentityIQ application.
Instance Attribute
The attribute that uniquely identifies a specific instance of an application.
Instance Attributes are not supported for Managed Attributes.
Remediation Modifiable
This option does not apply to MEDITECH because it is Readonly.
Accounts that are remediation modifiable can have their values and permissions modified from the Certification Report page for the identity being certified.
For Object Type: Role:
Aggregation Type
Select the aggregation type to use for roles. These are used to define the makeup of the Target and Target Permissions.
-
Group
-
Alert
-
Unstructured
Native Object Type*
LDAP default types are iNetOrgPerson and groupOfUniqeNames for groups.
The type of object with which the attributes are associated. For example, User and Group for Active Directory LDAP or DBA_USER and DBA_ROLES for Oracle.
Identity Attribute*
Do not change the identity attribute on connectors with pre-defined schema.
The attribute that is used by the IdentityIQ application to identify the object.
Description Attribute
Used during group/role aggregation to indicate which of the attributes is used to populate the corresponding ManagedAttribute description. The value set here overwrites values set during the Account Group Aggregation task.
Display Attribute
The attribute that is used as the object name as it appears throughout the IdentityIQ application.
Instance Attribute
The attribute that uniquely identifies a specific instance of an application.
Instance Attributes are not supported for Managed Attributes.
Remediation Modifiable
This option does not apply to MEDITECH because it is Readonly.
Accounts that are remediation modifiable can have their values and permissions modified from the Certification Report page for the identity being certified.