Global Identity Builder project properties
Each Global Identity Builder project is associated with a set of properties. The properties are described in this section and an example is shown in the following screen:
Project name
Unique name for the project. This value must be at least 4 characters (alphanumeric and underscore only) and not contain spaces. The project contains all configurations related to correlating a set of identity sources and creating a global profile view. This property is required.
Naming context
The root naming context in RadiantOne where the final global profile view is mounted. This property is required.
The virtual view generated by the Global Identity Builder tool is not editable from the Main Control Panel > Directory Namespace tab. Changes must be made using the Global Identity Builder tool. If you need to add interception scripts, computed attributes, or external joins, virtualize/extend the naming context containing the global profile view and define these configurations on the new view. Details on this process are in "Extend the global profile view".
Global profile object class
The structural object class(es) associated with the identities in the global profile view. The RadiantOne schema associated with the object class(es) configured for this property dictates the possible attributes to select for the Login Attributes and Search Attributes properties. The drop-down list is populated from the RadiantOne LDAP schema. This property is required.
A preview of all attributes associated with the selected object class is displayed on the right. Any attribute you want to make available to clients of the RadiantOne service must be available in the global profile object class, additional object class(es), or manually added as custom attributes.
Additional object classes
The additional object class(es) associated with the identities in the global profile view. This allows you to expand the list of available attributes in the global profile beyond the primary object class configured as the Global Profile Object Class. A combination of attributes from the global profile object class and additional object class(es) are available for defining attribute mappings from the identity sources. The additional object class drop-down list is populated from the RadiantOne LDAP schema and you can select more than one object class.
This property is optional. If you do not want the global profile identities to be associated with additional object classes, leave this property blank.
A preview of all attributes associated with the selected object class is displayed on the right.
Login attributes
A login attribute is one that an application uses to uniquely identify a user to authenticate. Therefore, the attributes configured as login attributes should be populated and unique across all identities in the global profile view. The list of login attributes shown is conditioned by the Global Profile Identity Object Class(es) and Additional Object Class(es). This property is required. When viewing global profile identities, if a login attribute does not have a value and/or the value is duplicated across multiple global profile identities, you receive a message indicating the identity has a login conflict.
Login attributes and login analysis are purely informative and do not impact the functionality of the Global Identity Builder. This information can be valuable to a directory administrator because it ensures the reference list contains all data required for consuming applications to service end users. For example, if Application A identifies users by a lookup on uid, all entries in the reference list must have a uid value.
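The login analysis described above can be reproduced outside the tool to audit an exported reference list before applications rely on it for authentication. The following is an added example, not RadiantOne code: the entry DNs, the o=globalprofile suffix, the function name, and the case-insensitive comparison are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample entries (not real data). Values are lists, as an LDAP
# client returns them; the DNs and the o=globalprofile suffix are hypothetical.
SAMPLE_ENTRIES = {
    "id=1,o=globalprofile": {"uid": ["asmith"], "mail": ["asmith@example.com"]},
    "id=2,o=globalprofile": {"uid": ["bjones"], "mail": ["shared@example.com"]},
    "id=3,o=globalprofile": {"mail": ["Shared@Example.com"]},  # no uid at all
    "id=4,o=globalprofile": {"uid": ["ASmith"], "mail": ["dkim@example.com"]},
    "id=5,o=globalprofile": {"uid": ["elopez"], "mail": ["elopez@example.com"]},
}


def analyze_login_attributes(entries, login_attrs):
    """Return {dn: [conflicts]} for every entry that has a login conflict.

    A conflict is a login attribute with no value, or a value that is also
    held by another entry. Values are compared case-insensitively after
    trimming whitespace (an assumption modelled on LDAP caseIgnore matching).
    """
    owners = defaultdict(lambda: defaultdict(set))  # attr -> value -> DNs
    conflicts = defaultdict(list)

    for dn, attrs in entries.items():
        # LDAP attribute names are case-insensitive.
        by_name = {name.lower(): vals for name, vals in attrs.items()}
        for attr in login_attrs:
            values = [v.strip() for v in by_name.get(attr.lower(), []) if v.strip()]
            if not values:
                conflicts[dn].append(f"{attr}: missing")
            for value in values:
                owners[attr][value.lower()].add(dn)

    for attr, by_value in owners.items():
        for value, dns in by_value.items():
            if len(dns) > 1:  # same login value on more than one identity
                for dn in dns:
                    conflicts[dn].append(f"{attr}: duplicate value '{value}'")

    return {dn: sorted(msgs) for dn, msgs in conflicts.items()}


if __name__ == "__main__":
    report = analyze_login_attributes(SAMPLE_ENTRIES, ["uid", "mail"])
    for dn, problems in sorted(report.items()):
        print(dn, "->", "; ".join(problems))
```

Entries that pass (here id=5) are absent from the report, so an empty result means every login attribute is populated and unique.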
Display/search attribute
The attribute listed here conditions the searches performed against the global profile view from the Identities Browser embedded in the Global Identity Builder. This property is required.
The attribute selected as a search attribute should contain a populated, unique, single value that is user friendly and mapped in the attribute mappings from the identity sources. In other words, it should have a unique value for entries in the global profile. This search attribute is also used for displaying identities in the Global Profile Browser.
Custom attributes
To add an attribute to the global profile view that does not exist as part of the RadiantOne LDAP schema definition for the global profile object class or additional object class(es), select Add Custom Attribute. Underscores and spaces are not allowed in attribute names. All custom attributes are displayed in the Attribute Preview list on the right. To remove a custom attribute, select next to the attribute in the Attributes Preview list. Custom attributes are defined as type Directory String, which offers flexibility to store a variety of values. The data type is not configurable.
Custom attributes are not officially declared as part of the RadiantOne LDAP schema and are therefore not tied to a specific object class. If a client queries the RadiantOne LDAP schema, custom attribute definitions are not returned. If clients need a custom attribute, they must know the exact name and request it explicitly (custom attributes are also returned when all attributes are requested).
Runtime optimizations
There are two optimizations that can be used to improve upload performance. These options can be modified if persistent cache refresh is not enabled for the global profile view. Disable persistent cache refresh if you need to make changes to these properties. These options are described below.
Skip correlation on first source upload
If enabled, which is the default, the correlation rules are skipped during the first source upload into the Global Profile. This offers better upload performance for the first source processed. If your first source contains overlapping identities (the same physical user has multiple entries in the source) that must be correlated, uncheck this option. When this option is not enabled, correlation rules are evaluated for the first uploaded source, and accounts belonging to the same user can be correlated based on the rules defined for the source.
Automatic login attribute analysis
If enabled, which is the default, login attribute analysis (to determine uniqueness across all global profile entries) is performed on every operation against the global profiles. This option can slow upload performance so it can be disabled. When this option is not enabled, login attribute analysis is only performed when manually invoked from the Edit > Login Analysis menu in the project.