Configuration Guide › Connecting to Endpoint Systems › Correlate Imported Accounts to Users › Define Account Correlation Rules

Define Account Correlation Rules

CA GovernanceMinder imports accounts from endpoints. Use the Correlation tab to define how CA GovernanceMinder matches these accounts to users in the universe. CA GovernanceMinder executes correlation rules automatically when importing account data. In addition, options on this screen let you remove account-user links and manually invoke correlation.

Note: When you import endpoint data using CA IdentityMinder, accounts are already mapped to users. Define account mapping logic for connectors that use the CA IAMS Connector Server or connectors that import data files.

To define account correlation rules

1. Define correlation rules for each endpoint as follows:
   • To define new correlation rules, click Add New Rule under Correlation Rules.
   • To base correlation logic on an existing set of rules, click Import Rules from XML. Edit the endpoint attributes and test expressions as necessary.

   Define a correlation condition consisting of the following terms:

   • User Expressions - one or more string expressions based on user attributes in the universe.
   • Comparator - compares the result of the user expression to the result of the account expression.
   • Account Expressions - one or more string expressions based on account attributes.

     (Optional) Select the Consider Synonyms option to test the condition with string variants in the synonyms file.

   You can define several correlation conditions in a single rule. A user-account pair matches the rule only when it satisfies all the conditions.

   The table under Correlation Rules lists active rules.

2. (Optional) Define sets of string variants. Under Manage Synonyms Synonyms let one correlation rule test common string variants that may represent the same value. The synonym file defines sets of synonyms. When a string expression in a rule equals a term in the synonym file, CA GovernanceMinder tests the rule using each synonym of the term. For example, if the synonym file lists Nathaniel, Nathan, Nate, Nat as synonyms, CA GovernanceMinder tests correlation rules for a user named Nathan using each of the alternate terms., do any of the following:
   • To load a default synonym list, click Load Synonyms Defaults.
   • To load your own custom synonym list, click Import Synonyms.
   • To add synonyms individually, click Add Synonyms.
3. Define correlation thresholds under Correlation Parameters, and specify how CA GovernanceMinder calculates the aggregated score.
4. Specify correlation reviewers under Correlation Flow Properties.

   When accounts are not immediately correlated to a user (based on the score), they are sent to one or more users for approval. The reviewer then chooses the user to correlate the account to and approves the correlation. The following settings are used for assigning approvers:

   Member List

   Assigns a reviewer based on attributes of the imported account. Imported endpoint accounts are stored as resources, so specify resource attribute mapping when you create this list.

   Default Assignee

   Specifies the default reviewer for all review actions that result from the correlation logic.

5. (Optional) Export correlation rules or synonyms to xml files. You can edit these files offline or upload them to create correlation rules for other endpoints.
   • To export correlation rules, click Export Rules to XML under Correlation Rules.
   • To export synonyms, click Export Synonyms under Manage Synonyms.

   Note: Saved correlation rules are only applied to new users and new accounts during the next import. To apply the rule to all accounts, start a full correlation.

6. Click Apply or Save.

   Account correlation rules are defined.

   Note: The accounts that are correlated are imported from endpoint connectors that are of merge type "As Accounts".