The directory abstraction layer is a set of XML-based files that define a logical view of an Identity Vault for the user application. The directory abstraction layer defines:
The Identity Vault objects and attributes that the user application can display or modify.
How the user application displays Identity Vault data.
What relationships the user application can display.
The provisioning request categories the user application can display.
You use the directory abstraction layer editor to define the contents of the directory abstraction layer.
The directory abstraction layer editor is a graphical tool for defining the directory abstraction layer files. When you add a User Application driver to an Identity Manager project, Designer creates an initial set of directory abstraction layer files. These base files are displayed when you start the directory abstraction layer editor.
To start the directory abstraction layer editor:
Open the
and double-click the node.Designer displays a tree containing
, , , and nodes.The following table describes the nodes.
Use the left pane to navigate the directory abstraction layer nodes. When you select an item in the left pane, the right pane displays the attributes and settings for the selection.
Use the right pane to define the properties for the selection. For more information about the properties, see Section 3.7, Directory Abstraction Layer Property Reference.
The following table describes the directory abstraction layer toolbar:
Table 3-1 Directory Abstraction Layer Toolbar
The directory abstraction layer files you work with are stored in the Designer project’s Provisioning\AppConfig\DirectoryModel directory. The filenames are derived from the object key.
Table 3-2 Local Directory Abstraction Layer Directories
Designer creates the base set of directory abstraction layer files for each provisioning project. An identical set is deployed to the User Application driver when the user application is installed.
To customize the Identity Manager user application, you change the directory abstraction layer objects and deploy the changes to the User Application driver. Some entities, attributes, lists, and relationships are required for the user application to function properly. The editor displays a lock next to the definitions that you should not delete. From the list below, you can see that you should not delete the Task Group entity or any of its attributes.
Figure 3-1 The Task Group Entity Attributes