Previous Topic: Group Name Use Case

Next Topic: Bit Masks in Mask Attribute Mapping

Federation Manager GuideUser Directory Connections for AuthenticationCreate a Common View of the Same User Information Across DirectoriesEstablish Connections to User DirectoriesMask Use Case

Mask Use Case

Some directory implementations use individual bits in an attribute to provide information about that attribute, such as the state of an account. You can apply a bit mask to an attribute.

This use case shows two Active Directory user stores that identify disabled user accounts. Each account has a different underlying schema.

Note: Review the advanced user attribute mapping examples, which detail how to use different attribute mapping types to identify the same user attribute across different directory types.

The following illustration details how two mask attribute mappings can create a common view of the same user information.

Graphic showing two mask attribute mappings creating a common view of the same user information

  1. Two user directories contain a user attribute named AccountStatus. AccountStatus stores user information in a bit pattern, where each bit is a flag.

    This results in two different views of the same user information.

  2. IsDisabled is the common name that is mapped to the underlying directory schema. In both directories, IsDisabled is mapped to AccountStatus.

IsDisabled results in a common view of disabled user accounts. You can reference IsDisabled when defining assertion attributes or NameID attributes that require the account status of users. The system has no concern for the directory-specific schema because the directories are operationally identical.

More information:

Advanced User Attribute Mapping Examples