Defining Custom Correlation Keys
A rule cannot compare an account value on a resource with an Identity Manager value unless the value is stored in the system. The accounts[Lighthouse] attribute stores many of these values, but additional values must be added with the Extended User Attributes Configuration object. The system does not save attributes that are not registered in the configuration object.
By default, the following attributes are included as extended user attributes:
-
firstname
-
lastname
-
fullname
Note –
The fullname extended user attribute must be added to the list of QueryableAttrNames.
If you want to use a different attribute, such as an employee ID as part of a correlation rule, then you must add it to the User Extended Attributes configuration object. Use the following steps to do this:
To Define a Custom Correlation Key
-
Access the Identity Manager debug page at http://PathToIDM/debug. The System Settings page is displayed.
-
Select Configuration from the List Objects pull-down menu. The List Objects of type: Configuration page is displayed.
-
Select the edit link for User Extended Attributes.
-
Add the new attributes to the List element, for example:
<String>EmployeeId</String>
-
The attribute must be defined as an Identity Manager attribute on the Account Attributes (schema map) page for the resource.
-
Save your changes. Identity Manager returns to the System Settings debug page.
The custom attribute must also be added to the QueryableAttrNames element in the UserUIConfig configuration object.
-
Select Configuration from the List Objects pull-down menu. The List Objects of type: Configuration page is displayed.
-
Select the edit link for UserUIConfig.
-
Add the new attributes to the <QueryableAttrNames><List> element, for example:
<String>EmployeeId</String>
-
Save your changes. Identity Manager returns to the System Settings debug page.
-
Restart your application server.
- © 2010, Oracle Corporation and/or its affiliates