4.18 Configuring ID Policies
An ID policy allows the ID Provider driver to generate unique IDs. When the ID Provider driver receives an ID request from a client, it generates an identification that is based on the ID policy specified in the request and passes it to the client.
The ID Provider driver can act as a client itself and can assign IDs to objects in the Identity Vault. For more information about the ID Provider driver and its components, see the Identity Manager 4.0.1 ID Provider Driver Implementation Guide.
To configure an ID policy, you must first add the ID Provider driver to a driver set. Then, under the ID Provider driver, create an ID Policy container and add an ID policy. After the ID policy is created, double-click the ID policy in the Outline view, or right-click the ID policy and select .
Table 4-28 The ID Policy General Settings
|
The name of the ID policy. |
|
The last ID number that was used by this ID policy. If you have deployed this ID policy, use the icon to update this field to the last ID number that was stored in the Identity Vault for this ID policy.
NOTE:Only the ID Provider driver can update the last value stored in the Identity Vault.
|
|
Numbers must be between 0 and 2147483647. If you have a fixed system that can only handle eight digits, set the to 99999999. |
|
Allows you to include or exclude a set of numbers that you type. Numbers can be typed in a comma-delimited list and you can use ranges, such as 10,100,1000,5000-10000,1099, etc. |
|
Allows you to give a prefix to the IDs that are generated using this ID policy. If you create multiple ID policies, a prefix is useful to see which ID policies are being used. An example is WFID, for workforce IDs. |
|
If you choose , the ID is filled with leading zeros (0) up to the maximum length. This helps keep generated IDs at the same length. If you select , it does nothing and the ID lengths increment over time. |
|
Check this box if you want to enable access control lists. |
|
Type the names of the access control lists you want to use. Access control must be enabled before you can type in ACLs. |