Enabling policy associations for a domain

A policy association provides a means of creating many-to-one mappings in situations where associations between user identities and an Enterprise Identity Mapping (EIM) identifier do not exist.

You can use a policy association to map a source set of multiple user identities (rather than a single user identity) to a single target user identity in a specified target user registry. Before you can use policy associations, however, you must first ensure that you enable the domain to use policy associations for mapping lookup operations.

To enable mapping policy support to use policy associations for a domain, you must be connected to the EIM domain in which you want to work and you must have EIM administrator access control.

To enable mapping lookup support to use policy associations for a domain, complete these steps:

From IBM® Navigator for i, expand Security > Enterprise Identity Mapping (EIM).
Click Domain Management.
- If you are not currently connected to the EIM domain controller, a Connect to EIM Domain Controller dialog box is displayed. Enter the connection information to use for the connection to the EIM domain controller. Click OK
Right-click the EIM domain in which you want to work and select Mapping Policy.
On the General page, select Enable mapping lookups using policy associations for domain.
Click OK.

Note: You must enable mapping lookups and the use of policy associations for each target registry definition for which there are policy associations defined. If you do not enable mapping lookups for the target registry definition, that registry cannot participate in EIM mapping lookup operations. If you do not specify that the target registry can use policy associations, then any defined policy associations for that registry are ignored by EIM mapping lookup operations.