Global Identity Builder project properties

Each Global Identity Builder project is associated with a set of properties. The properties are described in this section and an example is shown in the following screen:

Sample Project Properties

Project name

Unique name for the project. This value must be a least 4 characters (alphanumeric and underscore only) and not contain spaces. The project contains all configurations related to correlating a set of identity sources and creating a global profile view. This property is required.

Naming context

The root naming context in RadiantOne where the final global profile view is mounted. This property is required.

Global profile object class

The structural object class(es) associated with the identities in the global profile view. The RadiantOne schema associated with the object class(es) configured for this property dictates the possible attributes to select for the Login Attributes and Search Attributes properties. The drop-down list is populated from the RadiantOne LDAP schema. This property is required.

A preview of all attributes associated with the selected object class is displayed on the right. Any attribute you want to make available to clients of the RadiantOne service must be available in the global profile object class, additional object class(es), or manually added as custom attributes.

Additional object classes

The additional object class(es) associated with the identities in the global profile view. This allows you to expand the list of available attributes in the global profile beyond the primary object class configured as the Global Profile Object Class. A combination of attributes from the global profile object class and additional object class(es) are available for defining attribute mappings from the identity sources. The additional object class drop-down list is populated from the RadiantOne LDAP schema and you can select more than one object class.

This property is optional. If you do not want the global profile identities to be associated with additional object classes, leave this property blank.

A preview of all attributes associated with the selected object class is displayed on the right.

Login attributes

A login attribute is one that an application uses to uniquely identify a user to authenticate. Therefore, the attributes configured as login attributes should be populated and unique across all identities in the global profile view. The list of login attributes shown is conditioned by the Global Profile Identity Object Class(es) and Additional Object Class(es). This property is required. When viewing global profile identities, if a login attribute does not have a value and/or the value is duplicated across multiple global profile identities, you receive a message indicating the identity has a login conflict.

Display/search attribute

The attribute listed here conditions the searches performed against the global profile view from the Identities Browser embedded in the Global Identity Builder. This property is required.

Custom attributes

To add an attribute to the global profile view that does not exist as part of the RadiantOne LDAP schema definition for the global profile object class or additional object class(es), select Add Custom Attribute. Underscores and spaces are not allowed in attribute names. All custom attributes are displayed in the Attribute Preview list on the right. To remove a custom attribute, select red x icon next to the attribute in the Attributes Preview list. Custom attributes are defined as type Directory String, which offers flexibility to store a variety of values. The data type is not configurable.

Runtime optimizations

There are two optimizations that can be used to improve upload performance. These options can be modified if persistent cache refresh is not enabled for the global profile view. Disable persistent cache refresh if you need to make changes to these properties. These options are described below.

Skip correlation on first source upload

If enabled, which is the default, the correlation rules are skipped during the first source upload into the Global Profile. This offers better upload performance for the first source processed. If your first source contains overlapping identities (same physical user has multiple entries in the source) that must be correlated, uncheck this option. When this option is not enabled, correlation rules are evaluated for the first uploaded source. Same user accounts can be correlated based on the rules defined for the source.

Automatic login attribute analysis

If enabled, which is the default, login attribute analysis (to determine uniqueness across all global profile entries) is performed on every operation against the global profiles. This option can slow upload performance so it can be disabled. When this option is not enabled, login attribute analysis is only performed when manually invoked from the Edit > Login Analysis menu in the project.