After completing the import configurations, you can tune the configurations by selecting
attributes to define valid usernames that combine users and enrich data that is displayed in UBA by defining attributes for
display data.
Before you begin
You can access the User import wizard. For more information, see Importing users.
Note: If you are connecting to an Active Directory, you do not have to configure the Tuning page.
The default values for the tuning are optimized for Microsoft Active Directory.
About this task
All LDAP attributes on the remote LDAP server are saved. By saving the LDAP attributes, it is
possible to use all the values in the LDAP schema, even in the case of attributes that are not
uniform to every LDAP record.
Note: When you remove aliases or display fields they are removed from
your import configurations and future import tasks. You must manually add them back if you removed
them.
In UBA 4.1.0 or later, you
can create custom attributes.
Procedure
-
On the User Imports window, click Tuning.
- In the User Coalescing section, click Edit.
- On the Edit: User Coalescing pane, select at least one attribute
from the current imports, which UBA can use to identify and combine
activity from the different user names of each user.
You
can also remove an alias to uncoalescence (separate combined users) that you have previously
coalesced. When you remove an alias it then recoalesces. Note that when you delete an alias it takes
effect only when the value of that alias is not shared with the deleted imports.
Note:
Attributes added in the user coalescing section should be unique to an individual. Attributes
that contain user names for various accounts used throughout the enterprise should be selected, such
as 'samaccountname' or 'distinguished name'. Selecting values that are shared among many users,
results in UBA combining the
users together. Values such as "department" and "country" should not be selected.
-
In the Display Fields section, click Edit to customize the attributes
that you want to display on the User Details page. You can also click
Add to select attributes for the selected display field.
Note:
The order that the attributes are shown, determines the order that UBA gets the value for the
attributes to be displayed on the User Details page. For example, if the order of the attributes is
“displayname” followed by “cn”, then when user coalescing, if “displayname” has a value for that
user, that value is used, and will not find the value of “cn”. If “displayname” has no value, it
will go to find the next attributes for “cn”. If “cn” has no value, it will go to find the next
attribute and so on.
Important: The Custom group display attribute is a special
attribute that is used to define a grouping attribute that can be selected as the grouping mechanism
for the Defined Peer Group Machine Learning analytic. This attribute is not displayed on the user
profile page like the other display attributes. An attribute from the configured LDAP, reference
table, or CSV file user import can be selected. The selected attribute should be one that allows for
clustering of the user population. Examples of Active Directory attributes that might be useful for
such grouping are "physicalDeliveryOfficeName", "memberOf " and "divison". Attributes that are
unique per individual should not be selected. Do not use Custom group for any other purposes.
-
Click Save.
Note: After you click Save, the data that is imported from all sources is reprocessed based on the
new selections of coalescing aliases and display keys.
The following example shows 4.1.0 with the
Custom attributes
button.
Results
Tip:
If you chose the wrong attribute for user coalescing and encounter issues, you can remove it and
it will uncoalesce the attribute.