12.1 Configuring the Data Source for Post Authentication Matching

A user is a valid Identity Governance user when the user is authenticated by a One SSO provider (OSP) and has been mapped to a published Identity Governance catalog user. The post authentication mapping occurs based on the User Mapping configuration.

IMPORTANT:Identity Governance evaluates only collected attribute values for the authentication matching rules, not edited values. For more information, see Changing the Values for Authentication Matching and Identity Governance Services in Identity Governance 4.2 Installation and Configuration Guide.

You can also add your own custom attributes to the catalog. For example, if your data source is eDirectory, you must extend the schema for the catalog because eDirectory contains more attributes than are built into the catalog.

By default, all Identity Governance users must have the LDAP Distinguished Name attribute mapped in the attribute catalog. Identity Governance uses this attribute to authenticate users who log in to the application.

  1. Log in to Identity Governance as a Customer, Global, or Data Administrator.

  2. Select Data Sources > Identities.

  3. Select the authentication server that you specified during installation.

  4. Ensure that you have collected data from the data source and it is enabled for user view. For more information, see Section 2.3, Assigning Authorizations to Identity Governance Users.

  5. Scroll down to the Collect User or the Collect Identity section.

  6. For LDAP Distinguished Name, specify the attribute in your identity source that you want to map to the login attribute for Identity Governance users.

    For example, your identity source points to a container in Active Directory. Users log in to your network with an AD attribute called username. For LDAP Distinguished Name, specify the username attribute. Identity Governance maps username to the LDAP Distinguished Name attribute in the catalog.

  7. (Optional) Map the other attributes in your identity source to the built-in attributes in the catalog.

  8. (Optional) To add custom attributes, complete the following steps:

    1. Select Add Attribute.

    2. Specify the settings for the new attribute, and then select Save.

    3. Specify an attribute from your identity source that you want to map to the new custom attribute.

    4. Select Save.

  9. (Optional) Add the new login users to authorizations in Identity Governance. For more information, see Section 2.3, Assigning Authorizations to Identity Governance Users.