Help banner

Filters

Filters exist on the driver and enable you to specify which classes and attributes an application can send to and receive from the Identity Vault. If you want a specific class to pass through for the Metadirectory engine to process, you should add the class to the filter on the appropriate channel. You also have the ability to filter objects by a specific attribute value you define.

The following icons are used on this page:

Changes to this object are reported and automatically synchronized.

Changes to this object are not reported or automatically synchronized.

Changes to this object are reported, but not automatically synchronized.

Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher or Subscriber channel, not both.)

Add Class
Adds a class to the filter.

Add Attribute
Adds an attribute to the filter.

Delete
Deletes the selected class or attribute from the filter.

Copy Filter From
Lets you select and copy a filter from another driver.

Set Template
Use this option to set the default options for all attributes that are added to the filter.

You can set the following options for an attribute value:

Publish

Controls the flow of data on the Publisher channel into the Identity Vault. The options are:
Synchronize
Ignore
Notify
Reset

Subscribe

Controls the flow of data on the Subscriber channel into the connected system. The options are:
Synchronize
Ignore
Notify
Reset

Merge Authority

Default Behavior
If an attribute is not being synchronized in either channel, no merging occurs.

If an attribute is being synchronized in one channel and not the other, then all existing values on the destination for that channel are removed and replaced with the values from the source for that channel. If the source has multiple values and the destination can only accommodate a single value, then only one of the values is used on the destination side.

If an attribute is being synchronized in both channels and both sides can accommodate only a single value, the application acquires the values store in the Identity Vault unless there is no value in the Identity Vault. If this is the case, the Identity Vault acquires the values from the application (if any).

If an attribute is being synchronized in both channels and only one side can accommodate multiple values, the single-valued side's value is added to the multi-valued side if it is not already there. If there is no value on the single side, you can choose the value to add to the single side.

This is always valid behavior.

 

Identity Vault
Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publisher channel.

This is valid behavior when synchronizing on the Subscriber channel.

 

Application
Behaves the same as the default behavior if the attribute is being synchronized on the Publisher channel and not on the Subscriber channel.

This is valid behavior when synchronizing on the Publisher channel.

 

None
No merging occurs regardless of synchronization.

 

 

Optimize Modifications to Identity Manager

Controls whether or not changes to this attribute are examined on the Publisher Channel to determine the minimal change made in the Identity Vault.

You can set the following options on a class:

Publish

Controls the flow of data on the Publisher channel into the Identity Vault. The options are:
Synchronize
Ignore

Subscribe

Controls the flow of data on the Subscriber channel into the connected system. The options are:
Synchronize
Ignore

Create Home Directory

Controls the automatic creation of home directories.

Track Member of Template

Determines whether or not the Publisher Channel maintains the Member of Template attribute when it creates objects from a template.

Close