Resource Wizard: Object Type Mappings

Last modified 10 Jun 2025 12:50 +02:00
Since 4.9
This functionality is available since version 4.9.
Table of Contents

Mapping is a mechanism that takes input properties from the source, transforms them, and inserts the result into another property that is then used by a resource. In other words, mapping enables you to use the data from your source systems, such as HR applications, and adapt them so that you can use them in your target systems, such as LDAP.

To access mappings, click  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings.

Mappings are composed of two complementary parts:

  • Inbound mappings: Control the transfer of data from source systems to midPoint objects.

  • Outbound mappings: Control the transfer of data from midPoint objects to target systems.

For a more in-depth description, see the following pages:

Inbound Mappings

Inbound mapping transforms data from authoritative sources to midPoint. Typically, it is used to populate new user objects with data from an HR system.

step 2 mappings inbound
Figure 1. Table of inbound mappings

To add an inbound mapping:

  1. Go to  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings.

  2. Click  Add inbound.

  3. Configure the following:

    • Name: Name of the mapping. This is convenient during troubleshooting and when using resource template inheritance.

    • From resource attribute: Defines a resource attribute that is used as input for the mapping.

    • Expression: Specifies how the source attribute is used.
      Refer to Expressions for more details.

      • As is (default): Copies values from the resource attribute to the midPoint target property.

      • Literal: Enables you to specify a constant value upon clicking Show values.

      • Script: Enables you to define a more complex behavior using a midPoint expression (by default in Groovy) upon clicking Show script.

      • Generate: Enables you to generate a random string using a value policy. This is typically used for generating passwords. Upon clicking Show generate, you can choose from the following options in the Mode menu:

        • Policy: Selects a value policy that controls the password generation.

        • Universal Unique Identifier: Generates passwords in the form of a Universal Unique Identifier (UUID). This is useful when you need passwords that are guaranteed to be unique and not easily guessable.

      • Path: Specifies a data path to a specific attribute or property in the resource object upon clicking Show path. For example, if you want to create an inbound mapping for an attribute like fullname, and you want to derive it from the givenName and familyName attributes, you can set the path to givenName + ' ' + familyName.

    • Target: Defines a midPoint property that is used to store the value generated by the inbound mapping.

    • Lifecycle state: Defines the lifecycle state of the mapping. This can be used for Simulations. For example, if you set the lifecycle state to Proposed, it will only be used to simulate the mapping without influencing the real data. Alternatively, setting the lifecycle state to Draft disables the mapping, etc.

  4. Click  Save mappings

You can access advanced inbound mapping configuration by clicking the  Edit button.

You can delete a mapping by clicking  Delete.

Click  Attribute overrides if you need to override attribute visibility or other behavior.

Outbound Mappings

Outbound mappings are used to populate target resource attribute values by midPoint properties.

step 2 mappings outbound
Figure 2. Table of outbound mappings

To add an outbound mapping:

  1. Go to  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings >  Outbound mappings (to Resource).

  2. Click Add outbound.

  3. Configure the individual settings. The available settings are the same as for inbound mappings. The difference is that while inbound mappings control data transfer between source systems and midPoint, outbound mappings control data transfer from midPoint to target systems, such as LDAP.

  4. Click  Save mappings

You can access advanced outbound mapping configuration by clicking the  Edit button.

You can test new mappings without influencing the real data by setting their Lifecycle state to Proposed and use Simulations.

Click  Attribute overrides if you need to override attribute visibility or other behavior.

Attribute Override

Attribute configuration can be overridden beyond the context of the mappings to give you more maneuvering space, for example to override the default connector behavior. For more details on attributes, see the Attribute Definitions page.

step 2 mappings override
Figure 3. Table of attribute overrides

  1. On the inbound/outbound mappings page, click  Attribute overrides. You can then override the following attribute parameters:

    • Ref: Specifies the path to the attribute. The path must point to an object property or to an attribute in the resource schema that belongs to the respective object class.

    • Display name: Defines the display name of the attribute.

    • Description: Defines the description of the attribute.

    • Mandatory field: Defines if the attribute is mandatory (True) or not (False).

    • Multi-value: Defines if the attribute can contain multiple values (True) or only a single value (False).

    • Tolerant: Defines how different values are tolerated. If set to True, values set outside of midPoint, or outside the object template mappings, are allowed. In such a case, synchronization only removes values that are assigned by midPoint or template mappings, while other values that exist in the resource but are not assigned or provisioned by midPoint are tolerated. If set to False, these other values are not tolerated. When midPoint detects them, e.g. during a reconciliation, it removes them.

    • Lifecycle state: Defines the lifecycle state of the attribute.

  2. Click  Save overrides to save your changes.

You can access advanced attribute override configuration by clicking the  Edit button.

Limitations

Resource wizard has several limitations, such as:

MidPoint resource wizard can’t show or edit these features but tolerates them and keeps them untouched if you configure them in XML.

See Also

Here are additional resources to explore:

Was this page helpful?
YES NO
Thanks for your feedback