Defining The User Provisioning Method - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Select User Stores to search: Select and order the user stores you want to use in the search.
User Matching Expression: Select a matching expression, or click New User Matching
Expression to create one.
3a In the Name option, specify a name for the matching expression.
3b Click the Add Attributes icon, then select an attribute.
The Personal Profile attributes are listed first, then the LDAP attributes.
3c (Conditional) To add more attributes, click the Add Attributes icon.
3d Click Finish.
3e Select the new expression on the User Method Matching page, then click OK.
4 Click OK twice.
5 Update the Identity Server.

11.3 Defining the User Provisioning Method

If you have selected Provision account as the user identification method or have created an attribute
matching setting that allows for provisioning when no match is found, you need to create a provision
method. This procedure involves selecting required and optional attributes that the service provider
requests from the identity provider during provisioning.
IMPORTANT: When a user object is created in the directory, some attributes are initially created
with the value of NAM Generated. Afterwards, an attempt is made to write the required and optional
attributes to the new user object. Because required and optional attributes are profile attributes, the
system checks the write policy for the profile's Data Location Settings (specified in Liberty > Web
Service Provider) and writes the attribute in either LDAP or the configuration store. In order for the
282 Novell Access Manager 3.1 SP2 Identity Server Guide