Understanding Identity Mappings in SailPoint IdentityIQ

Kranthi

In SailPoint IIQ, Identity Mappings allow administrators to define and expose additional attributes in the Identity Cube. These attributes are essential for identity correlation, policy evaluation, workflows, UI display, and reporting.

There are two approaches to add custom identity attributes, depending on how they are stored and used.

1. Adding Custom Attributes via UI (Stored as Extended Attributes in spt_identity)

This is the default and most straightforward method for adding new attributes without editing backend files.

Key Points:

  • Navigate to Global Settings → Identity Mappings and define the custom attribute.

  • These attributes are stored as extended attributes in the spt_identity table.

  • To make the attribute visible in the Identity Details UI:

    • Add it to the identityAttributeList inside the UIConfig object.
  • Run the "Refresh Identity Cubes" task to populate and expose the attribute.

Limitation:

  • The spt_identity table has a limit on how many extended attributes it can hold.

  • Once this limit is reached, you must define attributes using Hibernate mapping to store them in separate DB columns.

2. Adding Attributes via UI + Hibernate Mapping (identityExtended.hbm.xml)

When extended attribute capacity is exhausted, or when deeper integration is required, this method allows you to map the attribute directly in the database schema.

Steps:

  1. Define the attribute in Global Settings → Identity Mappings.

  2. Edit the identity.hbm.xml or identityExtended.hbm.xml file:

    • Add a new <property> inside the <class name="sailpoint.object.Identity">.

    • Map it to an actual column in the spt_identity table.

  3. (Optional) Add the attribute to ObjectConfig to use it in workflows, rules, or policies.

  4. Run the "Refresh Identity Cubes" task.

Recommended when extended attribute slots are full or when persistence, performance, or advanced usage is needed.
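
A consistency check for steps 1 and 2 above, added here as an example and not SailPoint's or the author's code: it flags attributes marked as named columns in the Identity ObjectConfig that have no matching <property> in the mapping file, or whose <property> does not use the extended property accessor. The XML samples are constructed and simplified, and costCenter, badgeId, region and nickname are hypothetical attribute names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: simplified fragment of the Hibernate mapping file.
# costCenter and badgeId are hypothetical attribute names.
HBM = """
<class name="sailpoint.object.Identity">
  <property name="costCenter" type="string" length="450"
            access="sailpoint.persistence.ExtendedPropertyAccessor"
            index="spt_identity_costcenter_ci"/>
  <property name="badgeId" type="string" length="450"/>
</class>
"""

# Constructed sample: simplified Identity ObjectConfig after the UI step.
OBJECT_CONFIG = """
<ObjectConfig name="Identity">
  <ObjectAttribute name="costCenter" namedColumn="true" type="string"/>
  <ObjectAttribute name="badgeId" namedColumn="true" type="string"/>
  <ObjectAttribute name="region" namedColumn="true" type="string"/>
  <ObjectAttribute name="nickname" extendedNumber="3" type="string"/>
</ObjectConfig>
"""

ACCESSOR = "sailpoint.persistence.ExtendedPropertyAccessor"


def check_named_columns(hbm_xml, object_config_xml):
    """Return sorted (attribute, problem) pairs for named-column attributes
    whose Hibernate mapping is missing or incomplete."""
    props = {p.get("name"): p for p in ET.fromstring(hbm_xml).iter("property")}
    findings = []
    for attr in ET.fromstring(object_config_xml).iter("ObjectAttribute"):
        if attr.get("namedColumn") != "true":
            continue  # numbered extended slot: no extra <property> needed
        name = attr.get("name")
        prop = props.get(name)
        if prop is None:
            findings.append((name, "no <property> in mapping file"))
        elif prop.get("access") != ACCESSOR:
            findings.append((name, "access is not ExtendedPropertyAccessor"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in check_named_columns(HBM, OBJECT_CONFIG):
        print(f"{name}: {problem}")
```

Running the check before the "Refresh Identity Cubes" task catches attributes that policies or correlation rules would otherwise read as empty.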
