Hi Rathee,
You probably have already opened a support case and got this sorted. If not, in order for you to correlate any endpoint account with an IDM user you need to set up correlation rules and you need to make sure that it is possible to match the IDM user and the endpoint account on some attribute or offset of an attribute value. Search "correlation rules" in the Identity Manager documentation.
In your case, I understand that IDM userID and Active Directory Account ID don't match. So the questions you need to answer are:
- is there any attribute (or offset therefore) on the AD side that can be matched with the IDM userID value? If yes, then configure the correlation rule as follows: GlobalUserName=ActiveDirectory:YourMatchingADAttributeName (or offset)
- is there any attribute on the IDM User profile that can be matched with the AD account ID firstname.lastname? If yes, then configure the correlation rule as follows: YourGlobalUserAttributeName=ActiveDirectory:AccountID. Make sure that you have the IDM user attribute mapped with the correct Provisioning User attribute in the IM environment provisioning mappings.
- If the response to the above questions is no, then you may need to create an attribute on the IDM (create in user store and map to provisioning store attribute ex. eTCustomField20) that you calculate automatically once you create an IDM user. So in your case, I would use policy xpress that sets the value of your attribute (let's assume we use ADCorrelateAttribute in IDM that is mapped to eTCustomField20 in provisioning store for this) to IDM user's "firstname.lastname". This way when you explore and correlate AD accounts you can correlate AD accountID with IDM provisioning user's eTCustomField20.
I hope this clarifies how correlation works.
KR
Russi