Creating EIM identifier association

Identifier associations define a relationship between an Enterprise Identity Mapping (EIM) identifier and a user identity in your enterprise for the person or entity to whom the EIM identifier refers.

You can create three types of identifier association: target, source, and administrative. To prevent potential problems with associations and how they map identities, review Developing an identity mapping plan .

To create an identifier association, you must be connected to the EIM domain in which you want to work and you must have the EIM access control required by the type of association that you want to create.

To create a source or an administrative association, you must have EIM access control at one of these levels:

  • Identifier administrator.
  • EIM administrator.
To create a target association, you must have EIM access control at one of these levels:
  • Registry administrator.
  • Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity)
  • EIM administrator.

To create an identifier association, complete these steps:

  1. From IBM® Navigator for i, expand Security > Enterprise Identity Mapping (EIM).
  2. Click Domain Management.
    • If you are not currently connected to the EIM domain controller, a Connect to EIM Domain Controller dialog box is displayed. Enter the connection information to use for the connection to the EIM domain controller. Click OK
  3. Right-click the EIM domain in which you want to work and select Open.
  4. Right-click Identifiers and select Open to display the list of EIM identifiers for the domain.
  5. Right-click the EIM identifier for which you want to create an association and select Properties
  6. In the Properties dialog box, in the Associations portion of the page, click the Actions menu and select Add.
  7. In the Add Association dialog box, provide information to define the association, as follows:
    • The name of the registry that contains the user identity that you want to associate with the EIM identifier. Specify the exact name of an existing registry definition or browse to select one.
    • The name of the user identity that you want to associate with the EIM identifier.
    • The type of association. You can create one of three different types of associations:
      • Administrative
      • Source
      • Target
  8. Optional. For a target association, click Advanced to display the Add Association - Advanced dialog. Specify lookup information for the target user identity and click OK to return to the Add Association dialog.
  9. After you provide the required information, click OK to create the association.