Sun Identity Manager Deployment Guide

Creating Custom Rules

Identity Manager predefines a number of correlation and confirmation rules in sample/reconRules.xml. You can use these as a basis for your own rules. Rules must be assigned a subtype of SUBTYPE_ACCOUNT_CORRELATION_RULE or SUBTYPE_ACCOUNT_CONFIRMATION_RULE.

The following rule compares the account.EmployeeId attribute, which is defined on the secondary resource, with the EmployeeId attribute that was previously loaded into Identity Manager. If the secondary resource has an account.EmployeeId value, then the correlation rule returns a list of users that match the EmployeeId.

<Rule subtype='SUBTYPE_ACCOUNT_CORRELATION_RULE' name='Correlate Employee IDs'>
   <cond>
      <ref>account.EmployeeId</ref>
      <list>
         <new class='com.waveset.object.AttributeCondition'>
            <s>EmployeeId</s>
            <s>equals</s>
            <ref>account.EmployeeId</ref>
         </new>
      </list>
   </cond>
</Rule>

In this example, the EmployeeId attribute has previously been added to the User Extended Attributes and UserUIConfig configuration objects. If this attribute was not included as a default Identity Manager attribute name for the resource, it must also be added or edited on the schema map for the resource.

Correlation rules return a list of possible matches. If the correlation is expected to return at most one match, as with an employee ID, no confirmation rule is needed. However, if there could be multiple matches, which could be the case if correlation found accounts that matched by first and last name, a confirmation rule is needed to further identify the match.
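As an added example (not from this guide or from sample/reconRules.xml), the two-stage arrangement described above: a correlation rule that matches on first and last name, which can return several candidate users, paired with a confirmation rule that accepts a candidate only when the employee ID also matches. The attribute names account.firstname and account.lastname, the user-view path userview.accounts[Lighthouse].EmployeeId, the assumption that several conditions in one list are applied together, and the use of the XPRESS <and> and <eq> elements in this context are assumptions to check against your resource schema map and the shipped sample rules.

```xml
<!-- Stage 1: correlation. Returns candidate users whose firstname and lastname
     both equal the values on the resource account. Runs only when the account
     carries both values; otherwise the rule returns null and no match is attempted.
     Attribute names are assumptions, not values from the guide. -->
<Rule subtype='SUBTYPE_ACCOUNT_CORRELATION_RULE' name='Correlate First and Last Name'>
   <cond>
      <and>
         <ref>account.firstname</ref>
         <ref>account.lastname</ref>
      </and>
      <list>
         <new class='com.waveset.object.AttributeCondition'>
            <s>firstname</s>
            <s>equals</s>
            <ref>account.firstname</ref>
         </new>
         <new class='com.waveset.object.AttributeCondition'>
            <s>lastname</s>
            <s>equals</s>
            <ref>account.lastname</ref>
         </new>
      </list>
   </cond>
</Rule>

<!-- Stage 2: confirmation. Evaluated once per candidate returned above, with the
     candidate's view in userview and the resource account in account. The account is
     treated as belonging to the candidate only when the employee IDs agree, so two
     users who share a name are not wrongly linked. The userview path and the
     "true result confirms" convention are assumptions. -->
<Rule subtype='SUBTYPE_ACCOUNT_CONFIRMATION_RULE' name='Confirm by Employee ID'>
   <eq>
      <ref>userview.accounts[Lighthouse].EmployeeId</ref>
      <ref>account.EmployeeId</ref>
   </eq>
</Rule>
```

Both rules still need EmployeeId present on the User Extended Attributes, UserUIConfig and the resource schema map, exactly as for the single correlation rule shown earlier.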

Rules can be added to Identity Manager by using the Identity Manager IDE, importing an XML file, or editing and renaming an existing rule using the debug page.