Configuration Guide › Connecting to Endpoint Systems › Using the CA IAM Connector Server › Resolve Manager IDs for Certification

Resolve Manager IDs for Certification

In some cases, attributes reference a user, but the value of the attribute is not the same as the person ID. For example, the "manager" field in Active Directory contains a DN to the manager. If you bring the DN value of the "manager" field into CA GovernanceMinder, the system cannot identify who the manager is.

To address this issue, you can map a lookup attribute to the Manager ID (or Owner) field in CA GovernanceMinder. The lookup attribute is the attribute of the manager, where the default is Person ID. In the previous Active Directory example, the manager has an additional DN attribute, and the lookup attribute for the user must be set to DN to reflect that when looking for the manager, CA GovernanceMinder must search for a user with the value in the DN field that equals the value in the "Manager ID" field.

This attribute replacement occurs during the import process, so the RACI and user permissions see the replaced value.

Note: Map the lookup attribute to the Manager ID field for the endpoint type of 'As Users'.

Example

Consider the following two users:

User 1

• Person ID: Steve
• Manager ID: 54371 (endpoint value)
• ID Number: 79882

User 2

• Person ID: John
• Manager ID: 43582 (endpoint value)
• ID Number: 54371

In this example, there is no attribute on the user 'Steve' that contains the Person ID of his manager, so CA GovernanceMinder cannot recognize John as the manager. This issue prevents you from doing a certification, as CA GovernanceMinder needs the value of the Manager ID to say "John". The lookup attribute does a search and replaces the value. If you entered a lookup attribute of "ID Number", CA GovernanceMinder searches for a user with an ID Number that matches the Manager ID attribute for Steve, which results in "John". CA GovernanceMinder then takes that Person ID (John) and writes it to the Manager ID attribute, instead of the current value (54371).

Because this replacement happens on import, CA GovernanceMinder sets the Manager ID field to "John" instead of 54371. CA GovernanceMinder behaves as if "John" was the value all along, so everything else in CA GovernanceMinder including RACI, permissions, and certifications only see the new value.

Note: The field to set the lookup attribute is located at the bottom of the Default User Accounts screen when creating a CA IAM Connector Server connector, and it is labeled "Lookup attribute for 'Manager ID'/'Owner' search".