Enabling mapping lookup support and the use of policy associations for a target registry
Enterprise Identity Mapping (EIM) mapping policy support allows you to use policy associations as a means of creating many-to-one mappings in situations where associations between user identities and an EIM identifier do not exist. You can use a policy association to map a source set of multiple user identities (rather than a single user identity) to a single target user identity in a specified target user registry.
Before you can use policy associations, however, you must first ensure that you enable mapping lookups using policy associations for the domain. You must also enable one or two settings for each registry:
- Enable mapping lookups for registry Select this option to ensure that the registry can participate in EIM mapping lookup operations, regardless of whether the registry has any policy associations defined for it.
- Use policy associations Select this option to allow this registry to be the target registry of a policy association and ensure that it can participate in EIM mapping lookup operations.
If you do not enable mapping lookups for the registry, the registry cannot participate in EIM mapping lookup operations at all. If you do not specify that the registry use policy associations, then EIM mapping lookup operations ignore any policy associations for the registry when the registry is the target of the operation.
To enable mapping lookups to use policy associations for a target registry, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:
- EIM administrator
- Registry administrator
- Administrator for selected registries (for the registry that you want to enable)
To enable mapping lookup support in general, and to allow the use policy associations in specific, for a target registry, complete these steps: