Resource account attributes (or schema maps) provide an abstract method for referring to attributes on managed resources. The schema map allows you to specify how attributes will be referred to within Identity Manager (the left side of the schema map) and how that name is mapped to the attribute name on the actual resource (the right side of the schema map). You can then refer to the Identity Manager attribute name within forms or workflow definitions and effectively reference the attribute on the resource, itself.
An example of a mapping between attributes in Identity Manager and those for an LDAP resource is as follows:
Identity Manager Attribute |
LDAP Resource Attribute |
|
firstname |
<--> |
givenName |
lastname |
<--> |
sn |
Any reference to the Identity Manager attribute, firstname, is actually a reference to the LDAP attribute, givenName when an action is taken upon that resource.
When managing multiple resources from Identity Manager, mapping a common Identity Manager account attribute to many resource attributes can greatly simplify resource management. For example, the Identity Manager fullname attribute can be mapped to the Active Directory resource attribute displayName. Meanwhile, on an LDAP resource, the same Identity Manager fullname attribute can be mapped to the LDAP attribute cn. As a result, an administrator only needs to provide a fullname value once. When the user is saved, the fullname value is then passed to the resources that have different attribute names.
By setting up a schema map on the Account Attributes page of the Resource Wizard, you can do the following:
Define attribute names and data types for attributes coming from managed resources
Limit resource attributes to only those that are essential for your company or organization
Create common Identity Manager attribute names to use with multiple resources
Identify required user attributes and attribute types
To view or edit resource account attributes, follow these steps:
In the Administrator interface, click Resources.
Select the resource for which you want to view or edit the account attributes.
In the Resource Actions list, click Edit Resource Schema.
The Edit Resource Account Attributes page opens.
The left column of the schema map (titled Identity System User Attribute) contains the names of Identity Manager account attributes that are referenced by the forms used in the Identity Manager Administrator and User interfaces. The right column of the schema map (titled Resource User Attribute) contains the names of attributes from the external source.