6.2 Filter Tasks in iManager

This section contains instructions on performing common filter-related tasks in iManager:

6.2.1 Accessing the Filter

  1. In iManager, expand the Identity Manager Role, then click Identity Manager Overview.

  2. Select Search entire tree or Search in container, then click Search.

  3. Click the driver for which you want to access the filter. The Identity Manager Driver Overview opens:

    Figure 6-6 Driver Overview

  4. Click the Filter icon on the Publisher or Subscriber channel. It is the same object.

6.2.2 Editing the Filter

The Filter editor gives you the options of editing how information is synchronized between the Identity Vault and the connected system. Here is a list of most common tasks when editing the filter:

Removing a Class or an Attribute from the Filter

  1. Select the class or attribute, then click Delete.

Adding a Class

  1. Click Add Class.

  2. Change the options to synchronize the information.

  3. Click Apply.

Adding an Attribute

  1. Click Add Attribute.

  2. Change the option to synchronize the information.

  3. Click Apply.

Copying a Filter

Allows you to copy the filter from an existing driver into the driver you are currently working on.

  1. Click Copy Filter From.

  2. Browse to the driver you want to copy the filter from, then click OK.

Setting a Template

Allows you to set the default values for an attribute you add to the filter.

  1. Click Set Template.

  2. Select options you would like new attributes to have, then click OK.

You can change the values of the attributes after they have been created.

Changing the Filter Settings

The Filter editor gives you the option of changing how information is synchronized between the Identity Vault and the connected system. The filter has different settings for classes and attributes.

  1. In the Filter editor, select a class.

  2. Change the filter settings for the selected class.

    Options

    Definitions

    Publisher

    • Synchronize: Allows the class to synchronize from the connected system into the Identity Vault.

    • Ignore: Does not synchronize the class from the connected system into the Identity Vault.

    Subscriber

    • Synchronize: Allows the class to synchronize from the Identity Vault into the connected system.

    • Ignore: Does not synchronize the class from the Identity Vault into the connected system.

    Create Home Directory

    • Yes: Automatically creates home directories.

    • No: Does not create home directories.

    Track Member of Template

    • Yes: Determines whether or not the Publisher channel maintains the Member of Template attribute when it creates objects from a template.

    • No: Does not track the Member of Template attribute.

  3. Select an attribute.

  4. Change the filter settings for the selected attribute.

    Options

    Definitions

    Publisher

    • Synchronize: Changes to this object are reported and automatically synchronized.

    • Ignore: Changes to this object are not reported nor automatically synchronized.

    • Notify: Changes to this object are reported, but not automatically synchronized.

    • Rest: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    Subscriber

    • Synchronize: Changes to this object are reported and automatically synchronized.

    • Ignore: Changes to this object are not reported nor automatically synchronized.

    • Notify: Changes to this object are reported, but not automatically synchronized.

    • Reset: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    Merge Authority

    • Default Behavior: If an attribute is not being synchronized in either channel, no merging occurs.

      If an attribute is being synchronized in one channel and not the other, then all existing values on the destination for that channel are removed and replaced with the values from the source for that channel. If the source has multiple values and the destination can only accommodate a single value, then only one of the values is used on the destination side.

      If an attribute is being synchronized in both channels and both sides can accommodate only a single value, the connected application acquires the Identity Vault values unless there is no value in the Identity Vault. If this is the case, the Identity Vault acquires the values from the connected application (if any).

      If an attribute is being synchronized in both channels and only one side can accommodate multiple values, the single-valued side’s value is added to the multi-valued side if it is not already there. If there is no value on the single side, you can choose the value to add to the single side.

      This is always valid behavior.

    • Identity Vault: Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publisher channel.

      This is valid behavior when synchronizing on the Subscriber channel.

    • Application: Behaves the same as the default behavior if the attribute is being synchronized on the Publisher channel and not on the Subscriber channel.

      This is valid behavior when synchronizing on the Publisher channel.

    • None: No merging occurs regardless of synchronization.

    Optimize Modification to Identity Manager

    • Yes: Changes to this attribute are examined on the Publisher channel to determine the minimal change made in the Identity Vault.

    • No: Changes are not examined.

  5. Click OK to save the changes.