CA Identity Governance Configuration Guide › Connecting to Endpoint Systems › Using the CA IAM Connector Server › Define a Custom Configuration for the Endpoint

Define a Custom Configuration for the Endpoint

Important! For more information about endpoints, and endpoint objects and attributes, see the Endpoint Guides on CA Support.

If you select Use custom configuration for your endpoint template, manually provide mappings between the CA IAM Connector Server endpoints and CA Identity Governance.

Note: Avoid changing attribute mappings in connector configurations once you have run an initial import. If you do change the mapped attributes after initial import, it could cause significant performance impact.

1. Under Define User Accounts, map endpoint account attributes to CA Identity Governance account attributes.

   Note the following:

   • Use the filter to import a subset of accounts from the CA IAM Connector Server.
   • Click Add in the right-hand corner of the User Mapping section to add more user mappings between CA Identity Governance and the CA IAM Connector Server.
2. Click Next.
3. Define associations for the endpoint. This screen allows you to do the following:
   • Define how objects in an endpoint map to objects in CA Identity Governance, for example, a group in Active Directory is a resource in CA Identity Governance
   • Define how different objects are linked
   • Define additional properties for both objects and links, where available

   Define associations as follows:

   1. (Optional) If you want set up mappings for a deep use case, select the Enable deep use case associations check box.

      Note: When importing data into a deep universe, verify that you map all mandatory attributes of the endpoint to appropriate CA Identity Governance roles or resources.

   2. Under Association List, click Add to the right.
   3. Select the initial object type (specific to the endpoint) to associate in the From object type drop-down list.
   4. Select the relationship attribute used to associate the two objects.
   5. Click Ok.
   6. (Optional) Under Custom association fields mapping, click Add to provide any custom association attribute mapping information.

      Some associations have additional data related to them stored in attributes. Add the attribute mapping information if there is an attribute related to the association.

      Click Ok.

4. At this point, the associated objects do not yet relate to a known CA Identity Governance resource or role. Define the relation to a resource or role as follows:
   1. If the initial object type is not an account, select a CA Identity Governance role or resource to associate. Click the active link 'Select RCM role/resource' under the From "Account" or "RCM Role/Resource" column.
   2. Provide a name for the CA Identity Governance resource or role.
   3. (Optional) Click Edit to add field mappings for the related object.

      You can map attributes on the endpoint object to fields on the CA Identity Governance resource or role.

   4. Click Ok.
   5. Under the To "RCM Role/Resource" column, click the active link 'Select RCM role/resource'.
   6. Provide a name for the CA Identity Governance resource or role.
   7. (Optional) Click Edit to add field mappings for the related object.

      You can map attributes on the endpoint object to fields on the CA Identity Governance resource or role.

   8. Click Ok.
5. Repeat Steps 3 and 4 for each association.
6. Click Ok.

Note: If you want a shallow use case, associate an account to a CA Identity Governance resource. For a deep use case, map an account to a role, map the role to a resource, and optionally, map the account to a resource.