11.14 Extending the Identity Governance Schema

Identity Governance contains a default schema for entities that you collect in the catalog. If the default schema provided does not meet your needs, you can extend the Identity Governance schema. Extending the schema is a simple process.

Extending the schema means adding attributes to the default schema. You can view the default schema for Identity Governance in the console. Log in as a Global Administrator or Data Administrator to view the schema. The schema is listed under the Data Administration menu.

11.14.1 Adding or Editing Attributes to Extend the Schema

Identity Governance provides a simple way to extend the schema for the different entities. You add attributes and define their properties. You can also download attributes as JSON files to edit the properties. After editing, you can import the attributes on the page that lists all attributes for a given entity.

  1. Log in to Identity Governance as a Global or Data Administrator.

  2. Under Data Administration, select the entity where you want to add or edit the attribute.

    • User

    • Account

    • Permission

    • Business Roles

    NOTE: You cannot extend the schema for groups. Identity Governance does not allow it.

  3. Select the plus sign + to add a new attribute or select an existing attribute to edit the properties.

  4. Add or edit the attribute by configuring the following:

    NOTE: Some values might not be editable, depending on the Attribute Behavior settings.

    Attribute name and Key

    Specify the attribute name and key. It is the same value for both fields. The attribute name must be unique to your Identity Governance environment.

    Type

    Select the type of attribute you want to create. The types are String, Boolean, Double, Long, Date, and Locale.

    Maximum size

    Specify the number of characters allowed for the value of this attribute.

    Truncate to size

    Enable to allow the system to handle values longer than the attribute’s maximum size. If this is not enabled, and the value is longer than the maximum size, it will cause an error and the record will not be collected.

    Attribute Behavior

    Select the behavior of the attribute. The attribute can be required, allowed to change, allowed to have multiple values, or allowed to have a static value.

    Listable Options

    Select how you want the attribute displayed in the Identity Governance Console.

    Display in Quick Info views

    Allows anyone with rights to view reviews to see the attribute. This option does not allow the attribute to be changed.

    Display in lists and detail views

    Allows administrators to view and change the information in the Identity Governance console.

    Sortable in table columns

    Allows administrators to sort the attribute in the table columns.

    Searchable Options

    Select how you want the new attribute to be searched for in Identity Governance.

    • Available in catalog searches. Changes take effect after publication.

    • Display as refine search option

    • Display in review item selection criteria

    • Display in business role selection criteria

    • Available in typeahead searches

    IMPORTANT: For all attributes that you have configured for authentication matching rules, ensure that you enable the following list and search options for these attributes:

    • Display in lists and detail views

    • Available in catalog searches. Changes take effect after publication.

    For more information, see Security Settings.

  5. Select Save.

11.14.2 Adding Attributes to a Collector

If a collector you are using does not contain the schema you need, you can simply extend the schema of the collector by adding additional attributes. You must have already created and configured the collector before performing the following steps. For more information, see Section 15.0, Creating and Managing Data Sources.

  1. Log in to Identity Governance as a Global Administrator.

  2. Select Data Sources > Identities > Your Identity Source.

  3. Select Collect Identity > Collect Identity Attributes > Add attribute.

  4. Add the attribute by configuring the following:

    Attribute name and Key

    Specify the attribute name and key. It is the same value for both fields. The attribute name must be unique to your Identity Governance environment.

    Type

    Select the type of attribute you want to create. The types are String, Boolean, Double, Long, Date, and Locale.

    Maximum size

    Specify the number of characters allowed for the value of this attribute.

    Truncate to size

    Enable to allow the system to handle values longer than the attribute’s maximum size. If this is not enabled, and the value is longer than the maximum size, it will cause an error and the record will not be collected.

    Attribute Behavior

    Select the behavior of the attribute. The attribute can be required, allowed to change, allowed to have multiple values, or allowed to have a static value.

    Listable Options

    Select how you want the attribute displayed in the Identity Governance Console.

    Display in Quick Info views

    Allows anyone with rights to view reviews to see the attribute. This option does not allow the attribute to be changed.

    Display in lists and detail views

    Allows administrators to view and change the information in the Identity Governance console.

    Sortable in table columns

    Allows administrators to sort the attribute in the table columns.

    Searchable Options

    Select how you want the new attribute to be searched for in Identity Governance.

    • Available in catalog searches. Changes take effect after publication.

    • Display as refine search option

    • Display in review item selection criteria

    • Display in business role selection criteria

  5. Select Save.
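
The Maximum size and Truncate to size settings described in Sections 11.14.1 and 11.14.2 can be checked against source data before a collection runs. The following is an added example, not part of the product or its documentation: the attribute layout (`max_size`, `truncate`), the sample records, and the assumption that truncation keeps the leading characters are all constructed for illustration and are not the product's JSON export format.

```python
# Added example, not product code. The attribute layout and records are
# constructed; the dict keys are hypothetical, not the JSON export format.
from collections import defaultdict

ATTRIBUTES = {  # constructed settings mirroring the fields on this page
    "costCenter": {"max_size": 8, "truncate": False},
    "department": {"max_size": 10, "truncate": True},
}

RECORDS = [  # constructed source records
    {"id": "u1", "costCenter": "CC-1001", "department": "Finance"},
    {"id": "u2", "costCenter": "CC-1001-EMEA", "department": "Sales"},
    {"id": "u3", "costCenter": "CC-2", "department": "Engineering-Security"},
    {"id": "u4", "costCenter": "CC-3", "department": "Engineering-Platform"},
]

def preflight(records, attributes):
    """Apply Maximum size / Truncate to size to each record.

    Returns (rejected, truncated, collisions):
      rejected   - ids with an oversize value and truncation disabled
                   (the record would not be collected)
      truncated  - (id, key, stored value) for values that would be cut
      collisions - {(key, stored value): [source values]} where distinct
                   source values become identical once truncated
    """
    rejected, truncated = [], []
    stored = defaultdict(set)
    for rec in records:
        values = {k: rec[k] for k in attributes if rec.get(k) is not None}
        too_long = {k for k, v in values.items() if len(v) > attributes[k]["max_size"]}
        if any(not attributes[k]["truncate"] for k in too_long):
            rejected.append(rec["id"])  # error case: record is not collected
            continue
        for key, value in values.items():
            kept = value[: attributes[key]["max_size"]]  # assumption: leading chars kept
            if key in too_long:
                truncated.append((rec["id"], key, kept))
            stored[(key, kept)].add(value)
    collisions = {k: sorted(v) for k, v in stored.items() if len(v) > 1}
    return rejected, truncated, collisions

if __name__ == "__main__":
    rejected, truncated, collisions = preflight(RECORDS, ATTRIBUTES)
    print("not collected:", rejected)
    print("truncated:", truncated)
    print("collisions:", collisions)
```

A collision on an attribute used in a business role membership expression or an authentication matching rule means distinct source values can no longer be told apart in the catalog, so size such attributes to fit the longest source value instead of relying on truncation.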

11.14.3 Viewing Available Attributes in Business Roles

When you create a business role, you define a membership expression that searches for all users who meet certain criteria to be added to the business role. For more information, see Defining Business Roles.

The Membership expression lists all of the available attributes you can match on under the Title field. This list matches the list displayed under Data Administration > Business Roles. If you want to add more items to this list, you must add a new attribute to the business roles schema.

NOTE: Only Bootstrap, Global, Data, or Business Role administrators have rights to administer the business role schema. For more information, see Adding or Editing Attributes to Extend the Schema.