Attribute Mapping

Attribute mapping is required to define which target attributes correspond to the IBM® Security Identity Governance and Intelligence account attributes.

About this task

This task involves an account attribute mapping definition file, which is included in the adapter package.

The file consists of IBM Security Identity Governance and Intelligence account attributes and their equivalent attributes in the managed target. The file is structured as <IGI_attribute> = <target_attribute>.

The <IGI_attribute> is fixed and must not be modified. Edit only the <target_attribute>. Some <IGI_attribute> already has a fixed equivalent <target_attribute> of eraccount.

Some <IGI_attribute> do not have a defined <target_attribute> and you can assign the mapping. For example, surName=surName and ATTR1=ATTR1.

Note:
  • The default mapping is already included out-of-the box. If there are no changes to the attribute mapping, there is no need to import the attribute mapping files.
  • It might take up to 10 minutes for the attribute mapping changes to take effect once the file is imported.

Procedure

  1. Open the mapping definition file by using any text editor.
  2. Edit the mapping.
  3. If the target attribute has a list of predefined values, use the following syntax to convert its values to the corresponding IBM Security Identity Governance and Intelligence attribute values: 
    
[conversion].<target_attribute>.<IGI_attribute> =
[<target_attribute_value1>=<IGI_attribute_value1>;...;
<target_attribute_valuen>=<IGI_attribute_valuen>]
  4. For attributes that contains date and time, use the following syntax to convert its values. For example: 
    
[conversion.date].erbirthDate.BIRTHDAY=[yyyyMMdd=dd/MM/yyyy HH:mm:ss]
[conversion.date].ACCOUNT_EXPIRY_DATE.ACCOUNT_EXPIRY_DATE=
[dd/MM/yyyy HH:mm:ss=dd/MM/yyyy HH:mm:ss]
  5. Import the updated mapping definition file through the Enterprise Connectors module. For more information, see Attribute-to-permission mapping service in the IBM Security Identity Governance and Intelligence product documentation.
  6. Map the following attributes for Channel-Write To and Channel-Read From. 
    
Attribute               Mapped Attribute
eruid                     CODE
erpassword            PASSWORD

    For more information, see :Mapping attributes for a connector" in the IBM Security Identity Governance and Intelligence product documentation.