12.1 Configuring the Data Source for Post Authentication Matching

A user is a valid OpenText Identity Governance user when the user is authenticated by a One SSO provider (OSP) and has been mapped to a published OpenText Identity Governance catalog user. The post authentication mapping occurs based on the User Mapping configuration.

IMPORTANT:OpenText Identity Governance evaluates only collected attribute values for the authentication matching rules, not edited values.

You can also add your own custom attributes to the catalog. For example, if your data source is OpenText eDirectory you must extend the schema for the catalog because OpenText eDirectory contains more attributes than are built into the catalog.

By default, all OpenText Identity Governance users must have the LDAP Distinguished Name attribute mapped in the attribute catalog. OpenText Identity Governance uses this attribute to authenticate users who log in to the application.

  1. Log in to OpenText Identity Governance as a Customer or Data Administrator.

  2. Select Data Sources > Identities.

  3. Select the authentication server that you specified during installation.

  4. Ensure that you have collected data from the data source and it is enabled for user view. For more information, see Section 2.3, Assigning Authorizations to OpenText Identity Governance Users.

  5. Scroll down to the Collect User or the Collect Identity section.

  6. For LDAP Distinguished Name, specify the attribute in your identity source that you want to map to the login attribute for OpenText Identity Governance users.

    For example, your identity source points to a container in Active Directory. Users log in to your network with an AD attribute called username. For LDAP Distinguished Name, specify the username attribute. OpenText Identity Governance maps username to the LDAP Distinguished Name attribute in the catalog.

  7. (Optional) Map the other attributes in your identity source to the built-in attributes in the catalog.

  8. (Optional) To add custom attributes, complete the following steps:

    1. Select Add Attribute.

    2. Specify the settings for the new attribute, and then select Save.

    3. Specify an attribute from your identity source that you want to map to the new custom attribute.

    4. Select Save.

  9. (Optional) Add the new login users to authorizations in OpenText Identity Governance. For more information, see Section 2.3, Assigning Authorizations to OpenText Identity Governance Users.