4.18 Configuring ID Policies

An ID policy allows the ID Provider driver to generate unique IDs. When the ID Provider driver receives an ID request from a client, it generates an identification that is based on the ID policy specified in the request and passes it to the client.

The ID Provider driver can act as a client itself and can assign IDs to objects in the Identity Vault. For more information about the ID Provider driver and its components, see the Identity Manager 4.0.2 ID Provider Driver Implementation Guide.

To configure an ID policy, you must first add the ID Provider driver to a driver set. Then, under the ID Provider driver, create an ID Policy container and add an ID policy. After the ID policy is created, double-click the ID policy in the Outline view, or right-click the ID policy and select Properties.

Figure 4-6 ID Policy General Properties Page

Table 4-28 The ID Policy General Settings

| Field | Description |
|---|---|
| Policy Name | The name of the ID policy. |
| Policy’s Last ID | The last ID number that was used by this ID policy. If you have deployed this ID policy, use the Connect icon to update this field to the last ID number that was stored in the Identity Vault for this ID policy. NOTE: Only the ID Provider driver can update the last value stored in the Identity Vault. |
| Constraints Minimum/Maximum | Numbers must be between 0 and 2147483647. If you have a fixed system that can only handle eight digits, set the Maximum to 99999999. |
| Constraints Exclude/Include | Allows you to include or exclude a set of numbers that you type. Numbers can be typed in a comma-delimited list and you can use ranges, such as 10,100,1000,5000-10000,1099, etc. |
| Constraints Prefix | Allows you to give a prefix to the IDs that are generated using this ID policy. If you create multiple ID policies, a prefix is useful to see which ID policies are being used. An example is WFID, for workforce IDs. |
| Constraints Fill: Yes/No | If you choose Yes, the ID is filled with leading zeros (0) up to the maximum length. This helps keep generated IDs at the same length. If you select No, no padding is applied and the ID lengths increase over time. |
| Access Control Enabled | Check this box if you want to enable access control lists. |
| Access Control ACL | Type the names of the access control lists you want to use. Access control must be enabled before you can type in ACLs. |
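How the Constraints fields in Table 4-28 combine, as an added Python example (not Designer or ID Provider driver code): it validates an Exclude list in the format shown above, finds the next allowed number, and applies Prefix and Fill. Ascending allocation from the last ID and padding to the digit count of Maximum are assumptions, the function names are hypothetical, and only Exclude (not Include) is modelled.

```python
# Added illustration of the Constraints fields in Table 4-28.
# Not the ID Provider driver's code; allocation order and padding width are assumptions.
ID_MIN, ID_MAX = 0, 2147483647  # limits stated in the table


def parse_number_list(text):
    """Parse a list such as '10,100,1000,5000-10000,1099' into (low, high) ranges."""
    ranges = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        low, sep, high = item.partition("-")
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError(f"not a number or range: {item!r}")
        lo, hi = int(low), int(high) if sep else int(low)
        if lo > hi:
            raise ValueError(f"reversed range: {item!r}")
        if lo < ID_MIN or hi > ID_MAX:
            raise ValueError(f"outside {ID_MIN}-{ID_MAX}: {item!r}")
        ranges.append((lo, hi))
    return ranges


def next_id(last_id, minimum, maximum, excluded):
    """Return the first allowed number after last_id, or None if the range is used up.

    Assumption: IDs are handed out in ascending order starting after the last ID.
    """
    candidate = max(last_id + 1, minimum)
    while candidate <= maximum:
        hit = next((hi for lo, hi in excluded if lo <= candidate <= hi), None)
        if hit is None:
            return candidate
        candidate = hit + 1  # jump past the whole excluded range
    return None


def format_id(number, maximum, prefix="", fill=True):
    """Apply Prefix and Fill. Assumption: 'maximum length' is the digit count of Maximum."""
    digits = str(number).zfill(len(str(maximum))) if fill else str(number)
    return prefix + digits
```

A `None` result from `next_id` means the Minimum/Maximum range minus the excluded numbers has no values left, which is worth checking before a policy is deployed with a small Maximum.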