Previous Topic: Mask

Next Topic: Create a Mask Attribute Mapping

Mask Use Case

This use case represents a basic scenario in which two Active Directory user directories identify disabled user accounts with different underlying schema.

Note: Advanced use cases are shown in the Apply Attribute Mapping section. The advanced use cases detail how you use different attribute mapping types to identify the same user attribute across different directory types.

The following illustration details how two mask attribute mappings can define a universal schema and create a common view of the same user information.

Attribute Mapping Use Case

  1. Two user directories contain a user attribute named AccountStatus. AccountStatus stores user information in a bit pattern, where each bit is a flag.

    This results in two different representations and views of the same user information.

  2. IsDisabled is the common name that is mapped to the underlying directory schema. In both directories, IsDisabled is mapped to AccountStatus.
  3. IsDisabled results in a common view of disabled user accounts. You can reference IsDisabled when defining policies, expressions, or other objects that require the account status of users, without concern for the directory-specific schema, because the directories are operationally identical. SiteMinder determines that IsDisabled is AccountStatus:2 for Directory A and AccountStatus:4 for Directory B.

More information:

Named Expressions


Copyright © 2010 CA. All rights reserved. Email CA about this topic