Identity sources provide the information to build a catalog of the people within your organization. The information that you collect from your data sources can add as much personally identifiable information as you need to create the unique identity for each person.
NOTE:When you create identity sources, keep the following in mind:
If you are using the Identity Manager Identity collector, it must always be first in the list of collectors. Otherwise user authorizations will fail. For more information, see Section 7.5, Assigning Identity Manager as the Primary Identity Source.
If you collect data from two or more identity sources that have duplicate information for the Primary Supervisor ID from Source attribute, Identity Governance cannot merge or publish the data. After collecting each identity source, you must define extended attributes, such as Source1_userID and Source2_userID, for the Primary Supervisor ID from Source attribute. Then, to merge the information, specify the extended attributes as the Join to
attribute for Primary Supervisor ID from Source.
Identity Governance provides Custom Collector SDK to create collectors. Contact your SaaS Operations Administrator if you need to create new collectors.
To create a identity source and collect identities and groups:
Log in to Identity Governance as a Customer, Global, or Data Administrator.
Select Data Sources.
(Conditional) To create an identity source collector, select Identities.
Select + to create an identity source collector from a template.
or
Select Import an Identity Source to specify a JSON file to import.
IMPORTANT:To import a data source, you must first export the data source from the current version of Identity Governance. Data source files exported from earlier versions of Identity Governance do not import correctly to the current version. Hence, the data source must be recreated in the current version of Identity Governance.
(Conditional) To collect from a CSV file, specify the full path to the file.
The CSV collector supports TSV files. To use a TSV file, enter the word tab, in uppercase, lowercase, or any combination in the Column Delimiter field.
(Conditional) To configure an identity source with change events collector, select a template name ending in with changes and observe the conditions listed in Section 7.3, Collecting from Identity Sources with Change Events. For more information, see Understanding Change Event Collection Status and Supported Attribute Syntaxes for eDirectory and Identity Manager Change Events Collection.
NOTE:A change to the collector configuration suspends change event processing, which does not resume until a full batch collection and publication completes.
IMPORTANT:For large scale changes, disable event collection, and enable it only for incremental change events.
Specify all the mandatory fields for the data source.
For more information, see the following content:
Configure publication behavior.
(Conditional) If you select Publish and Merge as your publication behavior, enable or disable New User Creation.
(Conditional) To merge the collected data from an identity source, specify which attributes to match by selecting Match rule check box.
As each identity source collector configured for publish and merge can potentially create new Identities in the catalog, you should always ensure that the mandatory User ID from Source attribute mapping is configured to collect an acceptable unique identifier that is appropriate for the catalog.
IMPORTANT:When collecting identities using the publish and merge setting, matching attributes are mandatory for Identity Governance to include the user when publishing. If a secondary identity source has users that do not have the matching attribute defined in the collector, they will be collected, but they will not be published. For information about setting merge rules before publishing identities, see Section 9.1.2, Setting the Merge Rules for Publication.
Save your settings.
Select Test Collection and Troubleshooting.
To ensure your settings are correct run test collections. For more information, see Section 6.8.3, Testing Collections.
(Optional) To preview data, create emulation package. For more information, see Section 6.8.4, Creating Emulation Packages.
Select Collect now icon on the Identities page individually.
(Optional) Schedule a collection. For more information, see Section 10.0, Creating and Monitoring Scheduled Collections.
The first time you set up Identity Governance, you must collect and publish data after creating your data sources so that your catalog contains the data. For information about publishing identities, see Section 9.1, Publishing Identity Sources.