Adding lookup information to a target user identity

Lookup information is optional unique identifying data for the target user identity defined in an association. This association can be either an identifier target association or a policy association.

Lookup information is necessary only when a mapping lookup operation can return more than one target user identity. This situation can create problems for Enterprise Identity Mapping (EIM) enabled applications, including IBM® i applications and products, that are not designed to handle these ambiguous results.

When necessary, you can add unique lookup information for each target user identity to provide more detailed identifying information to further describe each target user identity. If you define lookup information for a target user identity, this lookup information must be provided to the mapping lookup operation to ensure that the operation can return a unique target user identity. Otherwise, applications that rely on EIM may not be able to determine the exact target identity to use.

Note: If you do not want EIM lookup operations to be able to return more than one target user identity, then you should correct your EIM associations configuration instead of using lookup information to resolve the situation. Review Troubleshooting EIM mapping problems for more detailed information.

How you add lookup information to further define a target user identity varies based on whether the target user identity is defined in an identifier association or a policy association. Regardless of the method that you use to add the lookup information, the information that you specify is tied to the target user identity, not the identifier associations or policy associations in which that user identity is found.
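The lookup behaviour described above, as a simplified in-memory model added here for illustration (it is not IBM code and does not call the EIM API; the class, its methods and the sample names are assumptions). It shows an ambiguous lookup, the same lookup resolved with lookup information, and an audit that lists mappings which can still return more than one target user identity.

```python
from collections import defaultdict

class EimModel:
    """Simplified in-memory model of the lookup behaviour; not the EIM API."""
    def __init__(self):
        # (EIM identifier, target registry) -> target user identities
        self.targets = defaultdict(set)
        # (registry, user identity) -> lookup information values. Keyed by the
        # user identity, not the association, as the page describes.
        self.info = defaultdict(set)

    def add_target(self, identifier, registry, user):
        self.targets[(identifier, registry)].add(user)

    def add_lookup_info(self, registry, user, value):
        self.info[(registry, user)].add(value)

    def mapping_lookup(self, identifier, registry, lookup_info=None):
        """Return every matching target user identity, sorted."""
        users = self.targets.get((identifier, registry), set())
        if lookup_info is not None:
            users = {u for u in users
                     if lookup_info in self.info.get((registry, u), set())}
        return sorted(users)

    def audit(self):
        """List mappings that can still return more than one identity."""
        findings = []
        for (identifier, registry), users in sorted(self.targets.items()):
            if len(users) < 2:
                continue
            seen = defaultdict(list)
            for user in sorted(users):
                values = self.info.get((registry, user), set())
                if not values:
                    findings.append((identifier, registry, user, "no lookup information"))
                for value in values:
                    seen[value].append(user)
            for value, owners in sorted(seen.items()):
                if len(owners) > 1:
                    findings.append((identifier, registry, tuple(owners), f"shared value {value!r}"))
        return findings

# Constructed sample data: one person with two profiles in the same registry.
eim = EimModel()
eim.add_target("John Day", "SYSTEM_A", "JDAY")
eim.add_target("John Day", "SYSTEM_A", "JDAYADMIN")
eim.add_lookup_info("SYSTEM_A", "JDAYADMIN", "admin")
```

With this data, a lookup without lookup information returns both identities, a lookup with "admin" returns only JDAYADMIN, and the audit reports JDAY as still lacking lookup information.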

Add lookup information to a target user identity in an identifier association

To add lookup information to the target user identity in an identifier association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

  • Registry administrator.
  • Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity).
  • EIM administrator.

To add lookup information to the target user identity in an identifier association, complete these steps:

  1. From IBM Navigator for i, expand Security > Enterprise Identity Mapping (EIM).
  2. Click Domain Management.
    • If you are not currently connected to the EIM domain controller, a Connect to EIM Domain Controller dialog box is displayed. Enter the connection information to use for the connection to the EIM domain controller. Click OK.
  3. Right-click the EIM domain in which you want to work and select Open.
  4. Right-click Identifiers and select Open to display the list of EIM identifiers for the domain.
  5. Right-click an EIM identifier and select Properties.
  6. In the Properties dialog box, in the Associations portion of the page, select the target association to which you want to add lookup information, and click Details.
  7. In the Association - Details dialog, specify the Lookup information that you want to use to further identify the target user identity in this association and click Add.
  8. Repeat the previous step for each lookup information entry that you want to add to the association.
  9. Click OK to save your changes and to return to the Association - Details dialog.
  10. Click OK to exit.

Add lookup information to a target user identity in a policy association

To add lookup information to the target user identity in a policy association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

  • Registry administrator.
  • Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity (ID)).
  • EIM administrator.

To add lookup information to the target user identity in a policy association, complete these steps:

  1. From IBM Navigator for i, expand Security > Enterprise Identity Mapping (EIM).
  2. Click Domain Management.
    • If you are not currently connected to the EIM domain controller, a Connect to EIM Domain Controller dialog box is displayed. Enter the connection information to use for the connection to the EIM domain controller. Click OK.
  3. Right-click the EIM domain in which you want to work and select Mapping Policy.
  4. In the Mapping Policy dialog, on the Domain page, find and select the policy association for the target registry that contains the target user identity for which you want to add lookup information.
  5. Click Details to display the appropriate Policy Association - Details dialog for the type of policy association that you selected.
  6. Specify the Lookup information that you want to use to further identify the target user identity in this policy association and click Add. Repeat this step for each lookup information entry that you want to add to the association.
  7. Click OK to save your changes and to return to the original Policy Association - Details dialog.
  8. Click OK to exit.