Sun Identity Manager Deployment Guide

Identity Template


Note –

An identity template is only available to Administrators who are defining the resource.

To view or edit the Identity Manager schema for Users or Roles, you must be a member of the IDM Schema Configuration AdminGroup and you must have the IDM Schema Configuration capability.


You use the identity template (or account DN) to define a user’s default account name syntax when creating the account on the resource. The identity template translates the Identity Manager user account information to account information on the external resource.

You can use any schema map attribute (an attribute listed on the left side of the schema map) in the identity template, and you can overwrite the user identity template from the User form, which is commonly done to substitute organization names.

Identity Manager users have an identity for each of their accounts, and this identity can be the same for some or for all of these accounts. The system sets the identity for an account when the account is provisioned. The Identity Manager user object maintains a mapping between a user’s identities and the resources to which they correspond.

The user has a primary accountId in Identity Manager that is used as a key, and a separate accountId for each of the resources on which that user has an account. The accountId is denoted in the form accountId:<resource name>, as shown in the following table.

Table 9–8 accountID Examples

Attribute              Example
accountId              maurelius
accountId:NT_Res1      marcus_aurelius
accountId:LDAP_Res1    uid=maurelius,ou=marketing,ou=employees,o=abc_company
accountId:AIX_Res1     maurelius
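The translation described above, as an added example that is not part of the original guide or the product's own code: it expands one identity template per resource to produce the identities in Table 9–8, and escapes substituted values for DN-style resources (RFC 4514) so that an organization name containing a comma cannot change the structure of the DN. The `$attribute$` placeholder syntax, the three templates, and the attribute names firstname, lastname and department are assumptions.

```python
import re

# Assumption: template placeholders are written as $attributeName$.
_PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")

def escape_dn_value(value):
    """Escape a value for use inside an LDAP DN component (RFC 4514)."""
    escaped = "".join(
        "\\00" if ch == "\x00" else "\\" + ch if ch in ',+"\\<>;=' else ch
        for ch in value
    )
    if escaped.startswith(("#", " ")):
        escaped = "\\" + escaped
    if escaped.endswith(" ") and len(value) > 1:
        escaped = escaped[:-1] + "\\ "
    return escaped

def expand_identity_template(template, attrs, dn=False):
    """Substitute schema-map attributes into a template; fail on gaps."""
    def substitute(match):
        name = match.group(1)
        value = attrs.get(name)
        if not value:
            raise ValueError(f"identity template needs attribute {name!r}")
        return escape_dn_value(value) if dn else value
    return _PLACEHOLDER.sub(substitute, template)

# Constructed data modelled on Table 9-8; the templates and the attribute
# names other than accountId are hypothetical.
TEMPLATES = {  # resource name -> (identity template, is it a DN?)
    "NT_Res1": ("$firstname$_$lastname$", False),
    "LDAP_Res1": ("uid=$accountId$,ou=$department$,ou=employees,o=abc_company", True),
    "AIX_Res1": ("$accountId$", False),
}
USER = {"accountId": "maurelius", "firstname": "marcus",
        "lastname": "aurelius", "department": "marketing"}

def resource_identities(user):
    """Build the accountId / accountId:<resource name> map for one user."""
    ids = {"accountId": user["accountId"]}
    for resource, (template, is_dn) in TEMPLATES.items():
        ids[f"accountId:{resource}"] = expand_identity_template(template, user, dn=is_dn)
    return ids

if __name__ == "__main__":
    for key, value in resource_identities(USER).items():
        print(f"{key:22} {value}")
```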

Account user names are in one of two forms: