Developing an EIM identifier naming plan

When you plan your Enterprise Identity Mapping (EIM) identity mapping needs, you can create a unique EIM identifier for each user of EIM-enabled applications and operating systems in your enterprise when you want one-to-one mappings between that user's identities. By using identifier associations to create one-to-one mappings, you can maximize the password management benefits that EIM provides.

The naming plan that you develop depends on your business needs and preferences; the only requirement for EIM identifier names is that they be unique. Some companies may prefer to use each person's full, legal name; other companies may prefer to use a different type of data, such as each person's employee number. If you want to create EIM identifier names based on each person's full name, you should anticipate possible name duplication. How you handle potential duplicate identifier names is a matter of personal preference. You may want to handle each case manually by adding a predetermined character string to each identifier name to ensure uniqueness; for example, you might decide to add each person's department number.
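The duplicate handling described above can be checked before any identifiers are created. The following is an added example, not part of the original documentation or any EIM tooling: it proposes identifier names from a roster, appends the department number where full names collide, and flags names that are still not unique for a manual decision. The roster, the department numbers, and the choice to treat names that differ only in case or spacing as duplicates are assumptions.

```python
from collections import defaultdict

# Constructed sample roster (not from the original page): (full name, department number)
ROSTER = [
    ("John Day", "0410"),
    ("John Day", "0275"),
    ("Sharon A. Jones", "0330"),
    ("Maria Lopez", "0410"),
    ("maria  lopez", "0410"),
]


def normalize(name):
    """Assumption: names differing only in case or spacing count as duplicates."""
    return " ".join(name.split()).casefold()


def plan_identifiers(roster):
    """Return (planned, unresolved) lists of (identifier, source name, department)."""
    by_name = defaultdict(list)
    for name, dept in roster:
        by_name[normalize(name)].append((" ".join(name.split()), dept))

    candidates = []
    for entries in by_name.values():
        for name, dept in entries:
            # Unique names are used as-is; colliding names get the department suffix.
            ident = name if len(entries) == 1 else f"{name} {dept}"
            candidates.append((ident, name, dept))

    # Second pass: a suffixed name can still collide (same name, same department).
    counts = defaultdict(int)
    for ident, _, _ in candidates:
        counts[normalize(ident)] += 1
    planned = [c for c in candidates if counts[normalize(c[0])] == 1]
    unresolved = [c for c in candidates if counts[normalize(c[0])] > 1]
    return planned, unresolved


if __name__ == "__main__":
    planned, unresolved = plan_identifiers(ROSTER)
    for ident, name, dept in planned:
        print(f"OK      {ident!r:28} <- {name} (dept {dept})")
    for ident, name, dept in unresolved:
        print(f"MANUAL  {ident!r:28} <- {name} (dept {dept})")
```

Entries reported as MANUAL need a different distinguishing string, such as a middle initial or employee number, before they go on the work sheet.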

As part of developing an EIM identifier naming plan, you need to decide on your overall identity mapping plan. Doing so can help you to decide when to use identifiers and identifier associations and when to use policy associations for mapping identities within your enterprise. To develop your EIM identifier naming plan, you can use the work sheet below to help you gather information about the user identities in your organization and to plan EIM identifiers for the user identities. The work sheet represents the kind of information the EIM administrator needs to know when creating EIM identifiers or policy associations for the users of an application.

Table 1. Example EIM identifier planning work sheet
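| Unique identifier name | Identifier or user identity description | Identifier alias |
|------------------------|------------------------------------------|------------------|
| John S Day             | Human resources manager                  | app_23_admin     |
| John J Day             | Legal Department                         | app_xx_admin     |
| Sharon A. Jones        | Order Department Administrator           |                  |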

An application that is written to use EIM may specify an alias that it uses to find the appropriate EIM identifier for the application; the application may in turn use that identifier to determine a specific user identity to use. You need to check the documentation for your applications to determine whether you need to specify one or more aliases for the identifier. The EIM identifier or user identity description fields are free form and can be used to provide descriptive information about the user.

You do not need to create EIM identifiers for all members of your enterprise at one time. After creating an initial EIM identifier and using it to test your EIM configuration, you can create additional EIM identifiers based on your organization's goals for using EIM. For example, you can add EIM identifiers on a departmental or area basis. Or, you can add EIM identifiers as you deploy additional EIM applications.

After you gather the information that you need to develop an EIM identifier naming plan, you can plan associations for your user identities.