

User Well-Known Attributes

A list of user well-known attributes and the items to which they map follows:

%ADMIN_ROLE_CONSTRAINT%

Maps to the list of admin roles of an administrator.

The physical attribute that is mapped to %ADMIN_ROLE_CONSTRAINT% must be multivalued to accommodate multiple roles.

We recommend indexing the LDAP attribute that is mapped to %ADMIN_ROLE_CONSTRAINT%.

%CERTIFICATION_STATUS%

Maps to the certification status of a user.

This attribute is required to use the user certification feature.

Note: For more information about user certification, see the Administration Guide.

%DELEGATORS%

Maps to a list of users who have delegated work items to the current user.

This attribute is required to use delegation. The physical attribute that is mapped to %DELEGATORS% must be multivalued and capable of holding strings.

Important! Editing this field directly using CA IdentityMinder tasks or an external tool can have significant security implications.

%EMAIL%

Maps to an email address of a user.

Required to use the email notification feature.

%ENABLED_STATE%

(Required)

Maps to the status of a user.

Note: This attribute must match the Disabled Flag user directory attribute in the SiteMinder user directory connection.

%FIRST_NAME%

Maps to the first name of a user.

%FULL_NAME%

Maps to the first and last names of a user.

%IDENTITY_POLICY%

Specifies the list of identity policies that have been applied to a user account and a list of unique Policy Xpress policy IDs that have performed add or remove actions on the user object.

CA IdentityMinder uses this attribute to determine whether applying an identity policy to a user is required or not. Assume that the policy has the Apply Once setting enabled and the policy is listed in the %IDENTITY_POLICY% attribute. CA IdentityMinder does not apply the changes in the policy to the user.

Note: For more information about identity policies, see the Administration Guide.

%LAST_CERTIFIED_DATE%

Maps to the date when the roles are certified to a user.

Required to use the user certification feature.

Note: For more information about user certification, see the Administration Guide.

%LAST_NAME%

Maps to the last name of a user.

%MEMBER_OF%

Maps to the list of groups of which the user is a member.

The physical attribute that is mapped to %MEMBER_OF% must be multivalued to accommodate multiple groups.

Using this attribute improves response time when searching groups of a user.

You can use this attribute with Active Directory or any directory schema that maintains group membership of a user on the user object.

%ORG_MEMBERSHIP%

(Required)

Maps to the DN of the organization to which the user belongs.

CA IdentityMinder uses this well-known attribute to determine the structure of a directory.

This attribute is not required when the user directory does not include organizations.

%ORG_MEMBERSHIP_NAME%

(Required)

Maps to the user-friendly name of the organization in which the profile of the user exists.

This attribute is not required when the user directory does not include organizations.

%PASSWORD%

Maps to the password of a user.

This attribute must match the Password Attribute in the SiteMinder user directory connection.

Note: The value of the %PASSWORD% attribute is always displayed as a series of asterisk (*) characters in CA IdentityMinder screens, even when the attribute or field is not set to hide passwords.

%PASSWORD_DATA%

(Required for password policy support)

Specifies the attribute that tracks password policy information.

Note: The value of the %PASSWORD_DATA% attribute is always displayed as a series of asterisk (*) characters in CA IdentityMinder screens, even when the attribute or field is not set to hide passwords.

%PASSWORD_HINT%

(Required)

Maps to a user-specified question and answer pair. The question and answer pair is used when users forget their passwords.

To support multiple question and answer pairs, make sure that the %PASSWORD_HINT% attribute is multivalued.

If you are using the Password Services feature of SiteMinder to manage passwords, the Password Hint attribute must match the Challenge/Response attribute in the SiteMinder user directory.

Note: The value of the %PASSWORD% attribute is always displayed as a series of asterisk (*) characters in CA IdentityMinder screens, even when the attribute or field is not set to hide passwords.

%USER_ID%

(Required)

Maps to the ID of a user.
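
The (Required) markers and the multivalued requirements in the list above can be checked against the LDAP schema before a directory is connected. The following Python is an added example, not CA IdentityMinder code: it assumes the mapping is available as a dictionary of well-known name to physical attribute name and that the attributeTypes definitions (RFC 4512 syntax) have been read from the directory's subschema entry. The mapping, the physical attribute names and the schema lines are constructed sample data.

```python
import re

# Rules taken from the attribute list above.
REQUIRED = {"%ENABLED_STATE%", "%ORG_MEMBERSHIP%", "%ORG_MEMBERSHIP_NAME%",
            "%PASSWORD_HINT%", "%USER_ID%"}
ORG_ONLY = {"%ORG_MEMBERSHIP%", "%ORG_MEMBERSHIP_NAME%"}  # waived without organizations
MUST_BE_MULTIVALUED = {"%ADMIN_ROLE_CONSTRAINT%", "%DELEGATORS%", "%MEMBER_OF%"}

# Constructed sample data (hypothetical attribute names and OIDs).
SAMPLE_SCHEMA = [
    "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAdminRoles' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.3.6.1.4.1.99999.1.2 NAME 'exampleDelegators' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.3 NAME ( 'exampleHint' 'exHint' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]
SAMPLE_MAPPING = {
    "%USER_ID%": "uid",
    "%ENABLED_STATE%": "exampleDisabledFlag",
    "%PASSWORD_HINT%": "exampleHint",
    "%ADMIN_ROLE_CONSTRAINT%": "exampleAdminRoles",
    "%DELEGATORS%": "exampleDelegators",
}

def single_valued_names(attribute_types):
    """Return lowercase names of attributes declared SINGLE-VALUE."""
    names = set()
    for definition in attribute_types:
        if not re.search(r"\bSINGLE-VALUE\b", definition):
            continue
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", definition)
        if m:
            raw = m.group(1) or m.group(2)
            names.update(n.lower() for n in re.findall(r"[A-Za-z][\w;-]*", raw))
    return names

def check_mapping(mapping, attribute_types, has_organizations=True):
    """Return findings: missing required mappings first, then single-valued misuse."""
    findings = []
    required = REQUIRED if has_organizations else REQUIRED - ORG_ONLY
    for wk in sorted(required - set(mapping)):
        findings.append(f"{wk}: required but not mapped")
    single = single_valued_names(attribute_types)
    for wk in sorted(MUST_BE_MULTIVALUED & set(mapping)):
        if mapping[wk].lower() in single:
            findings.append(f"{wk}: {mapping[wk]} is SINGLE-VALUE, must be multivalued")
    return findings

if __name__ == "__main__":
    print("\n".join(check_mapping(SAMPLE_MAPPING, SAMPLE_SCHEMA)))
```

The check covers only the rules stated on this page; feature-specific requirements such as %PASSWORD_DATA% for password policy support are not evaluated.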

More information:

Group Well-Known Attributes

Organization Well-Known Attributes

%ADMIN_ROLE_CONSTRAINT% Attribute

Configure Well-Known Attributes