An external identity is a synchronization key that facilitates coordination between identity entries in the metadata and identity entries in your authentication provider. If you use batch processes to coordinate metadata identity information with your authentication provider, external identities are set up and used as follows:
- In your authentication provider, you select a field to use for the mapping. This should be a field that contains a unique and unchanging value for each user, group, and role that you want to manage with batch processes. Typically, this is an identifier such as employee number.
- When you perform an initial import from your authentication provider into the metadata, the keyid values in the canonical tables become external identity values in the metadata. Each imported identity has at least one external identity value.
- During the synchronization process, external identity values that are extracted from the metadata are used as the keyid in the target tables. Because these values also exist in the extraction from your authentication provider, external identity values can be used to match corresponding entries in the two sets of tables.
Note: If you need to incorporate manually created identities into a batch synchronization process, manage each identity’s external identity value from the General properties of its metadata definition.
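The keyid matching described above, sketched as an added Python example (not code from this documentation or from the product). The row layout, the function name `reconcile`, the result labels, and the sample data are assumptions made for illustration.

```python
# Added example: match metadata identities to authentication-provider
# identities on the external identity value (keyid). All data is constructed.

def reconcile(provider_rows, metadata_rows):
    """Compare two extracts on keyid and classify each identity.

    Each row is a dict with 'keyid' (the external identity value) and 'name'.
    A metadata row whose keyid is None models a manually created identity
    that has not been given an external identity value.
    """
    def index(rows, label):
        by_key = {}
        for row in rows:
            key = row["keyid"]
            if key in by_key:
                # The mapping field must hold a unique value per identity.
                raise ValueError(f"duplicate keyid {key!r} in {label} extract")
            by_key[key] = row
        return by_key

    unmatched_manual = [r["name"] for r in metadata_rows if r["keyid"] is None]
    provider = index(provider_rows, "provider")
    metadata = index([r for r in metadata_rows if r["keyid"] is not None],
                     "metadata")
    both = provider.keys() & metadata.keys()
    return {
        "only_in_provider": sorted(provider.keys() - metadata.keys()),
        "only_in_metadata": sorted(metadata.keys() - provider.keys()),
        # Same keyid, different attributes: one identity that changed,
        # not one identity removed and another created.
        "changed": sorted(k for k in both
                          if provider[k]["name"] != metadata[k]["name"]),
        "no_external_identity": sorted(unmatched_manual),
    }

# Constructed sample extracts keyed on employee number.
PROVIDER = [
    {"keyid": "E1001", "name": "jsmith"},
    {"keyid": "E1002", "name": "mjones-lee"},  # renamed, keyid unchanged
    {"keyid": "E1004", "name": "akhan"},       # present only in the provider
]
METADATA = [
    {"keyid": "E1001", "name": "jsmith"},
    {"keyid": "E1002", "name": "mjones"},
    {"keyid": "E1003", "name": "tbrown"},      # present only in the metadata
    {"keyid": None, "name": "svc_reports"},    # manually created identity
]

if __name__ == "__main__":
    for label, values in reconcile(PROVIDER, METADATA).items():
        print(label, values)
```

An identity reported under `no_external_identity` cannot be matched by a batch process until an external identity value is set for it, which is the case the note above addresses.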