Add lookup information to a target user identity

Lookup information is optional unique identifying data for the target user identity defined in an association. This association can be either an identifier target association or a policy association. Lookup information is necessary only when a mapping lookup operation can return more than one target user identity. This situation can create problems for Enterprise Identity Mapping (EIM) enabled applications, including i5/OS™ applications and products, that are not designed to handle these ambiguous results.

When necessary, you can add unique lookup information for each target user identity to provide more detailed identifying information to further describe each target user identity. If you define lookup information for a target user identity, this lookup information must be provided to the mapping lookup operation to ensure that the operation can return a unique target user identity. Otherwise, applications that rely on EIM may not be able to determine the exact target identity to use.

Note: If you do not want EIM lookup operations to be able to return more than one target user identity, then you should correct your EIM associations configuration instead of using looking information to resolve the situation. See Troubleshoot EIM mapping problems for more detailed information.

How you add lookup information to further define a target user identity varies based on whether the target user identity is defined in an identifier association or a target association. Regardless of the method that you use to add the lookup information, the information that you specify is tied to the target user identity, not the identifier associations or policy associations in which that user identity is found.

Add lookup information to a target user identity in an identifier association

To add lookup information to the target user identity in an identifier association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

Registry administrator.
Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity).
EIM administrator.

To add lookup information to the target user identity in an identifier association, complete these steps:

Expand Network > Enterprise Identity Mapping > Domain Management.
Select the EIM domain in which you want to work.
- If the EIM domain you want to work with is not listed under Domain Management, see Add an EIM domain to the Domain Management folder.
- If you are not currently connected to the EIM domain in which you want to work, see Connect to the EIM domain controller.
Expand the EIM domain to which you are connected.
Click Identifiers to display the list of EIM identifiers for the domain.
Note: Sometimes when you attempt to expand the Identifiers folder, it may take a long time before the list of identifiers displays. To improve performance when you have a large number of EIM identifiers in the domain, you can customize the Identifiers folder view by restricting the search value used for displaying identifiers. Right-click Identifiers, select Customize this view... > Include, and specify the display criteria to use for generating the list of EIM identifiers to include in the view.
Right-click an EIM identifier and select Properties....
Select the Associations page, select the target association to which you want to add lookup information, and click Details.... Click Help, if necessary, to determine what information to specify for each field.
In the Association - Details dialog, specify the Lookup information that you want to use to further identify the target user identity in this association and click Add.
Repeat this step for each lookup information entry that you want to add to the association.
Click OK to save your changes and to return to the Association - Details dialog.
Click OK to exit.

Add lookup information to a target user identity in a policy association

To add lookup information to the target user identity in a policy association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

Registry administrator.
Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity (ID).
EIM administrator.

To add lookup information to the target user identity in a policy association, complete these steps:

Expand Network > Enterprise Identity Mapping > Domain Management.
Select the EIM domain in which you want to work.
- If the EIM domain you want to work with is not listed under Domain Management, see Add an EIM domain to the Domain Management folder.
- If you are not currently connected to the EIM domain in which you want to work, see Connect to the EIM domain controller.
In the Mapping Policy dialog, use the pages to view policy associations for the domain.
Find and select the policy association for the target registry that contains the target user identity for which you want to add lookup information.
Click Details... to display the appropriate Policy Association - Details dialog for the type of policy association that you selected. Click Help, if necessary, to determine what information to specify for each field.
pecify the Lookup information that you want to use to further identify the target user identity in this policy association and click Add. Repeat this step for each lookup information entry that you want to add to the association.
Click OK to save your changes and to return to the original Policy Association - Details dialog.
Click OK to exit.