4.10 Configuring ID Policies

An ID policy allows the ID Provider driver to generate unique IDs. When the ID Provider driver receives an ID request from a client, it generates an ID based on the ID policy specified in the request and passes it to the client. The ID Provider driver and ID policies are features of Identity Manager 3.6.

The ID Provider driver can act as a client itself and can assign IDs to objects in the Identity Vault. For more information about the ID Provider driver and its components, see the ID Provider Driver Guide.

To configure an ID policy, you must first add the ID Provider driver to a driver set that accesses an Identity Manager 3.6 Identity Vault. Then, under the ID Provider driver, create an ID Policy container and add an ID policy to it. After the ID policy is created, double-click it in the Outline view, or right-click it and select Properties.

Figure 4-16 The ID Policy’s General Properties Page

Table 4-20 The ID Policy’s General Settings



Policy Name

The name of the ID policy.

Policy’s Last ID

The last ID number that was used by this ID policy. If you have deployed this ID policy, use the Connect icon to update this field to the last ID number that was stored in the Identity Vault for this ID policy.

NOTE: Only the ID Provider driver can update the last value stored in the Identity Vault.




Numbers must be between 0 and 2147483647. If you have a fixed system that can only handle eight digits, set the Maximum to 99999999.


Allows you to include or exclude a set of numbers that you type in. Numbers can be typed in a comma-delimited list and you can use ranges, such as 10,100,1000,5000-10000,1099, etc.


Allows you to give a prefix to the IDs that are generated using this ID policy. If you create multiple ID policies, a prefix is useful to see which ID policies are being used. An example is WFID, for workforce IDs.

Fill: Yes/No

If you choose Yes, the ID is filled with leading zeros (0) up to the maximum length. This keeps generated IDs at the same length. If you select No, no fill is applied and the ID lengths increase over time.

Access Control:



Check this box if you want to enable access control lists.


Type in the access control lists you want to use. Access control must be enabled before you can type in ACLs.
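
The number range, include/exclude list, prefix, and Fill settings described above can be modeled offline to check a policy before it is deployed. The following is an added example, not code from the ID Provider driver: the function names are hypothetical, and it assumes that "maximum length" means the digit count of the Maximum setting.

```python
INT_MAX = 2147483647  # upper bound for ID numbers stated on this page

def parse_number_list(text, minimum=0, maximum=INT_MAX):
    """Parse a list such as '10,100,5000-10000' into sorted (lo, hi) ranges."""
    ranges = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"not a number or range: {item!r}")
        lo, hi = int(lo), int(hi) if sep else int(lo)
        if lo > hi or lo < minimum or hi > maximum:
            raise ValueError(f"outside {minimum}-{maximum}: {item!r}")
        ranges.append((lo, hi))
    return sorted(ranges)

def next_id(last_id, listed, mode="exclude", minimum=0, maximum=INT_MAX,
            prefix="", fill=False):
    """Return the formatted ID that follows last_id, or raise when exhausted."""
    candidate = max(last_id + 1, minimum)
    if mode == "exclude":
        for lo, hi in listed:  # ranges are sorted, so one pass is enough
            if lo <= candidate <= hi:
                candidate = hi + 1
    else:  # "include": only listed numbers may be issued
        candidate = next((max(candidate, lo) for lo, hi in listed
                          if hi >= candidate), maximum + 1)
    if candidate > maximum:
        # Fail closed instead of wrapping around and reissuing an ID.
        raise OverflowError("ID range exhausted for this policy")
    digits = str(candidate)
    if fill:  # assumption: pad to the digit count of Maximum
        digits = digits.zfill(len(str(maximum)))
    return prefix + digits

if __name__ == "__main__":
    # Constructed sample: the list and the WFID prefix from this page,
    # with the eight-digit Maximum of 99999999.
    listed = parse_number_list("10,100,1000,5000-10000,1099")
    print(next_id(4999, listed, maximum=99999999, prefix="WFID", fill=True))
```

Raising an error on exhaustion, as modeled here, avoids a wrapped counter handing an ID that is already assigned to a second object.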