...
Users that have been identified by a third party are called unregistered users. For example, if an external strong authentication method is used (e.g., a certificate based method), the identifier returned is the subject from the user certificate, which may not exactly match the user id (uid) in the Ubisecure Directory or another integrated directory. For this reason, mapping is performed to match the identifier(s) returned by the identity provider to one or more fields in the user account. After this match is performed, the applicable agents will have access to both sets of user data (limited only by the Authorization Policy used).This
In order to be able to use an external authentication method with directory user mappings, following configurations are required for the authentication method:
- Add the method to the directory that are used for the mapping, for example in tab Services → CustomerID Directory → Connected Methods
- Add the method to the site(s) where the users are located, for example in tab eIDM Users → Site Methods
A directory user mapping is configured using extended LDAP URL syntax, which provides a capability to create search filters with values of arbitrary method attributes. In addition, it is possible to define search preconditions based on attribute values.
...