Identity Collector: reference to another object
Is there any way to collect an attribute that belongs to another object via the Identity Manager Identity Collector. I want to get information from another object that is related to my Identity.
For example, I want to map at the my Identity Collector the "Description" attribute the value "ABC" from my object reference in my user1 identity.
The solution that comes to my mind is that in the transformation script make a connection to the directory to obtain the information, but I don't think it is the best solution. Do you have any comments o recommendations?
I need to display this kind of information at some reviews
What if you implemented the IGIM driver, and then updated policy in the driver to add that attribute value to users as you synchronized them over to IG?
Alternatively, I'd look for a way to make that dn dereference and attr lookup happen entirely in the LDAP query, but that sounds like black magic to me.
As I understand it, it is not supported to modify the IGIM driver. The filter for which the IGIM uses is set via REST by the one that is utilizing it. The filter and other aspects of the this driver should not be modified.
Please be aware that the IGIM driver does not synchronize aspects to ID Gov. The IGIM driver looks for changes based upon the filter that is set. This filter is set or updated when the IDM Identity w/Changes does a Full Collect. After that, the IGIM driver listens for changes to users/groups based upon the attributes outlined. If there are any changes then it (IGIM driver) stores those changes. The Collector within IG gets those specific changes via REST when it polls (based upon the setting which is every 60 minutes by default). Once the information is pulled the stored data in the IGIM driver is deleted.
Keep in mind there are two (2) limitations if one is going to utilize one (1) of the three (3) "with Changes" Identity Collectors
#1: You can not merge Identities. You must utilize "Publish without merging". If you need to merge your Identity Sources then these Collectors can not be utilized.
#2: There can only be one (1) of these collectors utilized. For example, you can utilize both the IDM with Changes and the AD with Changes Identity Collectors. Only one (1) can be utilized.
Principal Enterprise Architect
Thank you both for your comments
So the only way to have to supplement with additional information of my identity (in IdGov) of another object (for example a catalog of other objects of the same Identity Source) would be to configure the merge with another collector, although these objects are not technically considered as a identity?
First of all, thank you for your clarifications and comments.
The use case that I have tried to explain above is the following, I need that information related to my users can be displayed in the access reviews, the attributes reside in other objects that are referenced in the IdM users.
For example, users refer to another type of object through the custObjDn attribute.
dn: cn = tz057d, ou = users, o = data
custObjDn: cn = obj1, ou = test, o = data
Where cn = obj1, ou = test, o = data has:
dn: cn = obj1, ou = test, o = data
description1 = ABC
description2 = 123
These objects have the attributes (description1, description2) which are what I need to show in the reviews. Let's say these objects are some kind of catalog or something like that.
Obviously one of the possible solutions to this use case could be copying the attribute values to my IdM users through a service driver (Null Service) and "naturally" doing the mapping in my collector. But I would like to see if there is any way to get such information in the collector configuration.
These values are very dynamic, so this information could not be configured manually or in bulk through the process you mentioned above.
Currently my Identity Data Source is of type "Identity Manager Identity Collector".