8.1 Associations

A relationship is established between an Identity Vault object and a connected system object when the two objects represent the same entity. This relationship is called an association and is stored in the Identity Vault on the associated Identity Vault object. Identity Manager uses the association to keep track of which object in the connected system matches with an object in the Identity Vault. In almost all cases, this should be a 1:1 match to say that "Herman Munster, employee number 1234567" in the HR system matches exactly with the user object "hmunster13" in the Identity Vault, with "Munster, Herman" in Active Directory, and "hmunster13@example.com" in the email system.

Associations are stored only in the Identity Vault. The shim provides a unique key value for each application object and the Identity Manager engine manages the storage of those key values in the Identity Vault. On the Subscriber channel, the Identity Manager engine uses this value to allow the shim to modify the correct object in the connected system. On the Publisher channel, the shim supplies the association value, allowing the identity Manager engine to quickly and easily find the correct object in the Identity Vault to work with. The following Association states are stored in the Identity Vault:

  • 0 Disabled: Changes in the driver objects are not synchronized with the Identity Vault.

  • 1 Processed: A successful association has been created between driver objects and the Identity Vault.

  • 2 Pending: The Identity Manager engine identified a modification to an object, and attempted to match it or create it in the connected system, but was unable to do so.

  • 3 Manual: A manual association was created by the user.

  • 4 Migrate: The account was synchronized or migrated.

  • blank No association: No association has been created.