Mappings

Mappings represent associations between a source credential in one security domain and a target credential in another domain. For example, you can map credentials from your local registry to various other types of authentication registries, such as Lightweight Directory Access Protocol (LDAP).

Depending on the values used in the mapping and how the mapping is associated with an access point, the following three types of mapping associations are possible:

One-to-one mapping

This most basic type of mapping is used when a specific user wants to request the services of an access point. A source credential and a target credential are specified, and the target credential must be valid in the same registry that the access point uses for validation. This mapping can be used by any access point that happens to validate to the same registry.

One-to-one mapping with access point association

Use one-to-one mapping with access point association if you want to restrict a mapping to a particular access point.

As with one-to-one mapping, a source credential and a target credential are specified. The target credential must still be valid in the registry the access point uses for validation. However, the mapping is associated with a specific access point.

Many-to-one mapping with access point association

Use many-to-one mapping with access point association if you want to have a mapping with which any user can request the services of a particular access point. This method avoids the need to create many one-to-one mappings when all users must use the same target credential for an access point.

Note: Because this type of mapping can enable broad access, IBM® Flex System Manager requires that you associate this type of mapping with an access point.