Skip to content

Account Mappings

Note

Extended attribute names must be unique. Extended attributes cannot share a name with any other attribute in any other application schema.

Use the Account Mapping page to setup and map specialized accounts. Specialized accounts can be any accounts that justify special handling throughout your enterprise. For example privileged accounts such as Root, Administrator, or Super User, and service accounts that access a specific service or function on an application. Any attribute extended on this page is available for searching on the Identity Search page.

You can assign icons to extended attributes to highlight these accounts in certifications and the detailed identity pages. See Create Icons to Represent Specialized Account Attributes (link).

Specialized account attributes can be modeled to handle any concept using simple one-to-one mapping and rules. This section describes two of the most common scenarios.

Use the Account Attributes page to view the extended account attribute information for your configuration. Use this page to set up specialized account attributes such as Privileged and Service, and any other extended attributes for use in certifications and searches.

The Account Attributes page contains the following information:

Attribute
The display name of an account attribute derived from the attribute and its associated application in the Primary Source Mapping column.

Primary Source Mapping
The first of the list of attribute/application pairs or rules from which account attributes are derived. If the required data is unavailable on this primary source, the collection process continues down the list of configured sources until the information is found. Set up the list of sources on the Edit Account Attribute page.

To work with the attributes and sources, see Edit Account Attributes.

To delete account attributes, right-click the attribute and select Delete.

To edit account attributes, right-click the attribute and select Edit.

Additional Information

Edit Account Attributes Page

How to Add or Edit Account Attributes

Edit Account Attributes Page

Use the Edit Account Attribute page to create and edit account attributes including the display name, attribute type and source mapping. You can also use this page to create specialized account attributes. See Create Icons to Represent Specialized Account Attributes (link).

The maximum number of searchable attributes that can be created is defined during the installation and configuration process. By default you can set five searchable account attributes. See System Setup (link).

The Edit Account Attribute page contains the following information

Account Attribute

Attribute Name
The name of the attribute as it appears in the application.
Changing an attribute name might cause attributes that were previously aggregated to no longer be recognized.

Display Name
The IdentityIQ user assigned name for use throughout IdentityIQ.

Advanced Options

Edit Mode

Enable editing of this attribute.
Read Only – this attribute cannot be edited.
Permanent – changes made to this attribute manually are not overwritten by refresh tasks.
Temporary – changes made to this attribute manually are overwritten by the first refresh task that detects a value different than the original value.

For example, if the original value is A and it is manually changed to B, the value is not overwritten by a refresh task until the newly aggregated value is not A. When an aggregation detects a value that is not A, it refreshes the manually-changed value and the value is updated with each subsequent refresh.

Attribute Type
The attribute type to be linked, for example string, Boolean, or date.

Searchable
Account attributes are existing link values and are always searchable. This field is displayed as selected and read only so that identity and account attribute configuration pages are consistent in appearance.

Multi-Valued
Specify attributes for which multiple values might be returned during aggregation.
Attributes flagged as multi-valued are stored as a list. Even objects that have a single value for a multi-value attribute are stored as a single-item list. Multi-valued attributes are used for queries throughout the product.

Source Mappings

The list of attribute / application pairs or rules from which account attributes are derived. If the required data is unavailable on this primary source, the collection process continues down the list of configured sources until the information is found. This feature is unlikely to be used for Account Attribute mapping.

How to Add or Edit Account Attributes

Note

When mapping to a named column, specify the name to match the .hbm.xml property name, not the database column name. With camel case the database column name is translated to lower case with underscore separators. For example, costCenter in the Hibernate mapping file becomes cost_center in the database.

  1. Click Add New Attribute or click an existing attribute to display the Edit Account Attribute page.

  2. Enter or change the attribute name and an intuitive display name. !!!note You cannot define an extended attribute with the same name as any application attribute that is provided by a connector.

  3. Edit the Advance Options as required.

  4. Click Add Source to display the Add a source dialog and specify a source for the new attribute.

    1. Map directly to an attribute on an application .

      1. Select Application Attribute.
      2. Select an application from the Application dropdown list.
      3. Select an attribute from the Attribute dropdown list.

    2. Map to an application rule. This rule only applies to the application specified.

      1. Select Application Rule.

      2. Select an application from the Application dropdown list.

      3. Select a rule from the Rule dropdown list.

    3. Map to a global rule. This rule applies to all applications that contain this attribute.

      1. Select Global rule (all applications).

      2. Select a rule from the Rule dropdown list.

  5. Click Add to add the new source.

  6. Use the arrows to the right of the sources list to rearrange the search order for the attribute sources.

    When aggregation tasks are run they search the source at the top of the list, or the primary source, first and then work down the list.

  7. Click Save to create the new attribute and return to the Account Attribute page.