Create an Explore and Correlate Definition

To add users that exist in an endpoint, you create an explore and correlate definition for that endpoint. Any administrator with the Create Explore and Correlate Definition task can create the definition.
cim143
To add users that exist in an endpoint, you create an explore and correlate definition for that endpoint. Any administrator with the Create Explore and Correlate Definition task can create the definition.
 
Follow these steps:
 
  1. In an environment, click Endpoints, Explore and Correlate Definitions, Create Explore and Correlate Definition.
  2. Click Okay to start a new definition.
  3. Fill in Explore and Correlate name with any meaningful name.
  4. Click Select Container/Endpoint/Explore Method to choose an endpoint and containers if they exist. For a large endpoint, a container search may take a while; you can use the search filter to narrow the search.
  5. Click an explore method for the container. The explore and correlate process includes containers you select and its sub-containers. For a directory container, it includes all the containers in the sub-tree.
  6. Click the Explore/Correlate Actions to perform:
    •  
      Explore directory for managed objects
       -- Finds objects that are stored on the endpoint and not in the provisioning directory.
    •  
      Correlate accounts to users
       -- Correlates the objects that were found in the explore function with users in the provisioning directory. Two choices of correlation exist.
      •  
        Use existing users
        Use this choice for a correlation rule that matches each account with a previously created user.
        If the user is found, the account is correlated with that user. If multiple users are found, the account is correlated with the default user. If no user is found, the account is correlated with the default user.
      •  
        Create users as needed
        Use this choice when correlating accounts on your primary endpoint. This option presumes that the accounts on your endpoint are named exactly the same as the users. The correlation-matching algorithm is unused with this option. Instead, each account is associated to the user with the same name. If the user does not yet exist, it is created. No accounts are associated to the default user.
    •  
      Update user fields
       -- If a mapping exists between the object fields and the user fields, the user fields are updated with data from the objects fields.
      Users are created with no optional attributes such as full name, address and telephone numbers. During the initial acquisition of an endpoint, use this option to set these user attributes using account attribute values. During subsequent explore and correlates, use this option to refresh the user attributes to apply changes made to the account attributes, perhaps by tools other than 
      Identity Manager
      .
  7. Click Submit.
Now an administrator with the Execute Explore and Correlate task completes the integration of the endpoint.
Incremental Explore and Correlate
The Explore and Correlate functionality of the endpoint explores all the managed accounts. The Incremental Explore identifies the newly added accounts in the endpoint and the Incremental correlation phase matches the accounts with the newly added users in 
Identity Manager
 or creates the accounts. The managed objects are fetched from the last successful explore and correlate performed.
 
Prerequisites:
Ensure the following procedures are completed before performing an Incremental Explore and Correlate.
  • After upgrading to 
    CA Identity Manager
     14.3, import the role definitions of Active Directory.
  • Perform a Full Explore and Correlate on the Root container selected for Incremental Explore and Correlate. For more information, see Integrating Managed Endpoints.
 
To create an Incremental Explore and Correlate definition, follow these steps:
 
  1. On 
    Identity Manager
    , navigate to Endpoints, Explore and Correlate Definitions, Create Explore and Correlate Definition.
  2. Select a 'Create a new object of type Explore and Correlate' and click OK.
  3. Provide an Explore and Correlate Name and click Select Container/Endpoint/Explore method.
  4. On the Select Endpoint screen search and select an Active Directory Endpoint.
  5. On the Select Container screen search and select a root container with the Explore method set to ‘full sub-tree’.
  6. Check the Incremental Explore and Correlate option and click Submit.
The Incremental Explore and Correlate definition is created.
For information on executing the definition created, refer to Explore and Correlate the Endpoint.
 
Note:
 
  • Incremental Explore and Correlate can be run only on a 
    Root Container
     with Explore Method selected as
     Full Sub-tree
    .
  • Incremental Explore and Correlate cannot be performed on a container on which only a Partial Explore and Correlate has been run previously.
  • If the connection to Active Directory is lost for any reason during Explore and Correlate (Full or Incremental), a Full Explore and Correlate needs to be performed again to ensure that there is no loss of data when an Incremental Explore and Correlate is run later.
  • If there are any new users added to Active Directory while a Full Explore and Correlate is in progress, use the Onboard Accounts option to Explore and Correlate the newly added accounts.