Construction of identity name
There are various methods for constructing identity name from an authoritative source. Each method has its advantages and disadvantages.
The normal construction of an authoritative source is to have the employee number as the identity attribute and a first-last full name as the display attribute. This is normal and is very helpful in the display of the identity on the main identity warehouse page. However this has a side effect: the identity name of the user is their display name. This is because on account creation, the display name informs the identity name. Hence an issue. Using the employee number for the display attribute has its own redundancy issues and should be discouraged.
Construction of display name
Some sources do not have a display name field, they might have a first name and a last name field. In this case you should construct this field using a customization rule.
- Define the Full Name or Display Name field in the schema
- Write a customization rule that pulls the first and last names and returns the full or display name to the attribute.
- Define the new field as the display attribute.
In order to have the employee number to be used as the identity name instead of the display name, you need to explicitly set the name in the Creation rule of the authoritative source application. This is also where we typically set the initial password for the identity. For instance, if the application's name for employee number is FILENUMBER (this is the value for WorkDay typically) then the code would look like this:
identity.setName(account.getAttribute("FILENUMBER"));
And in fact you could set the identity name to whatever you like here, keeping in mind to make it always unique. For instance you could include the application name in the identity name:
identity.setName(application.getName()+
"-"+account.getAttribute("emplid"));
Or I have also seen:
identity.setName(account.getAttribute(displayName)+
"-"+account.getAttribute("emplid"));
No comments:
Post a Comment