Understanding Identity Mappings in SailPoint IdentityIQ

KranthiKranthi
2 min read

In SailPoint IIQ, Identity Mappings allow administrators to define and expose additional attributes in the Identity Cube. These attributes are essential for identity correlation, policy evaluation, workflows, UI display, and reporting.

There are two approaches to add custom identity attributes, depending on how they are stored and used.

1. Adding Custom Attributes via UI (Stored as Extended Attributes in spt_identity)

This is the default and most straightforward method for adding new attributes without editing backend files.

Key Points:

  • Navigate to Global Settings → Identity Mappings and define the custom attribute.

  • These attributes are stored as extended attributes in the spt_identity table.

  • To make the attribute visible in the Identity Details UI:

    • Add it to the identityAttributeList inside the UIConfig object.

  • Run the "Refresh Identity Cubes" task to populate and expose the attribute.

Limitation:

  • The spt_identity table has a limit on how many extended attributes it can hold.

  • Once this limit is reached, you must define attributes using Hibernate mapping to store them in separate DB columns.

2. Adding Attributes via UI + Hibernate Mapping (identityExtendedAttributes.hbm.xml)

When extended attribute capacity is exhausted, or when deeper integration is required, this method allows you to map the attribute directly in the database schema.

Steps:

  1. Define the attribute in Global Settings → Identity Mappings.

  2. Edit the identityExtended.hbm.xml file:

    • Add a new <property> inside the <class name="sailpoint.object.Identity">.

    • Map it to an actual column in the spt_identity table.

  3. (Optional) Add the attribute to ObjectConfig to use it in workflows, rules, or policies.

  4. Run the "Refresh Identity Cubes" task.

When extended attribute capacity is exhausted, or when deeper integration is required, this method allows you to map the attribute directly in the database schema.

Steps:

  1. Define the attribute in Global Settings → Identity Mappings.

  2. Edit the identity.hbm.xml or identityExtended.hbm.xml file:

    • Add a new <property> inside the <class name="sailpoint.object.Identity">.

    • Map it to an actual column in the spt_identity table.

  3. (Optional) Add the attribute to ObjectConfig to use it in workflows, rules, or policies.

  4. Run the "Refresh Identity Cubes" task.

Recommended when extended attribute slots are full or when persistence, performance, or advanced usage is needed. when extended attribute slots are full or when persistence, performance, or advanced usage is needed.

0
Subscribe to my newsletter

Read articles from Kranthi directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#identitymappingsiiqsailpointidentity-managementidentity and access management Identity Governance and Administration (IGA

Written by

Kranthi
Kranthi

👋 Hi, I’m Kranthi Kumar Puttapaka, a Certified SailPoint IAM Engineer with over 5 years of experience in building secure and scalable identity solutions. I help organizations streamline their Identity & Access Management (IAM) processes and strengthen their security posture. I specialize in designing and implementing enterprise-grade IAM systems using technologies like SailPoint IdentityIQ, Identity Security Cloud (ISC), Okta, Azure AD (Entra ID), and CyberArk. My focus areas include identity governance, access lifecycle automation, role-based access control, and Zero Trust security architectures. Over the years, I’ve led multiple SailPoint IIQ to ISC migration projects with zero downtime, developed custom connectors for seamless integrations, and implemented compliance frameworks like SOX, GDPR, HIPAA, and NIST. I also have hands-on experience with cloud platforms such as AWS and Azure, enabling organizations to adopt cloud-native identity governance. On the technical side, I work with Java, JavaScript, Python, and BeanShell for customization and automation. My toolkit includes Spring Boot, Spring Security, Docker, Terraform, and databases like MySQL, Oracle, MongoDB, and LDAP. Here on Hashnode, I write about IAM architecture patterns, SailPoint implementation deep dives, cloud identity strategies, Zero Trust security models, and real-world challenges I’ve solved in Identity Governance. Always excited to connect with fellow IAM professionals and share knowledge about building secure, scalable identity solutions. Let’s make the digital world more secure, one identity at a time!