Configure a Resource Mapping

Objects in external resources are specified in a mapping as system/name/object-type, where name is the name used in the connector configuration, and object-type is the object defined in the connector configuration list of object types. Objects in the repository are specified in the mapping as managed/object-type, where object-type is defined in the managed object configuration.

External resources, and Identity Cloud managed objects, can be the source or the target in a mapping. By convention, the mapping name is a string of the form source_target, as shown in the following example:

Basic LDAP Mapping
{
    "mappings": [
        {
            "name": "systemLdapAccounts_managedUser",
            "source": "system/ldap/account",
            "target": "managed/realm-name_user",
            "properties": [
                {
                    "source": "lastName",
                    "target": "sn"
                },
                {
                    "source": "telephoneNumber",
                    "target": "telephoneNumber"
                },
                {
                    "target": "phoneExtension",
                    "default": "0047"
                },
                {
                    "source": "email",
                    "target": "mail",
                    "comment": "Set mail if non-empty.",
                    "condition": {
                        "type": "text/javascript",
                        "source": "(object.email != null)"
                    }
                },
                {
                    "source": "",
                    "target": "displayName",
                    "transform": {
                        "type": "text/javascript",
                        "source": "source.lastName +', ' + source.firstName;"
                    }
                },
               {
                    "source" : "uid",
                    "target" : "userName",
                    "condition" : "/linkQualifier eq \"user\""
                    }
               },
            ]
        }
    ]
}

In this example, the name of the source is the external resource (ldap), and the target is Identity Cloud’s user repository; specifically, managed/realm-name_user. The properties defined in the mapping correspond to attribute names that are defined in the Identity Cloud configuration. For example, the source attribute uid is defined in the ldap connector configuration file, rather than on the external resource itself.

Configure Mappings Using the Admin UI

To set up a synchronization mapping in the Admin UI:

  1. Select Configure > Mappings.

  2. Click New Mapping, then select a source and target resource from the configured resources at the bottom of the window.

    You can filter these resources to display only connector configurations or managed objects.

  3. Select Add property on the Attributes Grid to map a target property to its corresponding source property.

    The Property list shows all configured properties on the target resource. If the target resource is specified in a connector configuration, the Property list shows all properties configured for this connector. If the target resource is a managed object, the Property list shows the list of properties (defined in the managed object configuration for that object).

    • Select Add Missing Required Properties to add all the properties that are configured as required on the target resource. You can then map these required properties individually.

    • Select Quick Mapping to show all source and target properties simultaneously. Drag a source property onto its corresponding target property, or the inverse. When you’re done, click Save.

  4. To test your mapping configuration on a single source entry, select the Behaviors tab and scroll down to Single Record Reconciliation. Search for the entry you want to reconcile.

    The UI displays a preview of the target entry after a reconciliation. You can then select Reconcile Selected Record to actually perform the reconciliation on that one source entry.