Configure object type mappings

Last modified 26 Feb 2026 14:40 +01:00
Since 4.8
This functionality is available since version 4.8.
Table of Contents

Mapping is a mechanism that takes input properties from a source, transforms them, and inserts the result into a target property. In other words, mappings are your means of data transformation and exchange among various systems you have connected to midPoint.

Refer to MidPoint Expressions and Mappings for more details on the topic.

Inbound vs. outbound mappings

There are two complementary kinds of mapping rules, inbound and outbound.

Inbound mappings transfer data from projections (e.g., accounts) on the resource side to focal objects (e.g., users) on the midPoint side. They map data in the direction which points into midPoint. For example, you can use inbound mappings to populate midPoint user attributes with data from your remote application, such as an HR system.

Outbound mappings define how to populate the resource-side object attributes with the values from focal object attributes in midPoint. They map data in the direction which points out of midPoint.

For each mapping (of either direction), you need to define:

  • A name which should be descriptive and has to be unique across the whole midPoint resource.

  • A source attribute, the value of which serves as the input for the mapping rule.

  • A target property to which the mapping sends its output.

  • An expression declaring how to handle the input value.

  • A lifecycle state.

For inbound mappings, the source is an attribute in the resource and the target is a focus property in midPoint. Conversely, for outbound mappings, the source is in midPoint and the target is in the resource.

Configure mappings

To configure mappings in a midPoint resource:

  1. In  Resources >  All Resources, select your resource.

  2. In  Accounts, click  Configure >  Mappings.

    Access mappings for your resource
    Figure 1. Configuration menu in the resource account list as an entry point to the mapping rules wizard

    The mapping configuration screen contains two tabs:

    • Inbound mappings (to midPoint)

    • Outbound mappings (to resource)

    A screen listing all inbound mappings
    Figure 2. A list of configured inbound mappings

  3. Select a tab according to which direction you need to configure.

  4. You can:

    • Create mappings manually by clicking Add inbound or Add outbound.

    • Use an artificial intelligence (AI) assistant to help you create mappings - See Use AI to generate mappings and then return here to continue modifying the AI suggested mappings if needed.

  5. Configure the mapping:

    • Name: Name your mapping descriptively. This is convenient during troubleshooting and when using resource template inheritance.

    • From resource attribute (inbound mapping): Select a resource attribute that is used as an input for the mapping.

    • Source (outbound mapping): Select a midPoint focus property to be used as an input for the mapping.

    • Expression: Select how to handle the source attribute value. Refer to Expressions for more details.

      • As is (default): Copy values without changes.

      • Literal: Specify one or more constant values upon clicking Show values.

      • Script: Define a more complex behavior using a script upon clicking Show script.

      • Generate: Generate a random string. You can use this to generate passwords. Click Show generate to select the mode:

        • Policy: Generate a password abiding a default or explicitly selected password policy.

        • Universally Unique Identifier: Generate a random unique identifier (UUID).

      • Path: Reference a property or a variable upon clicking Show path.

    • Target (inbound mapping): Select a midPoint property in which to store the mapping output.

    • To resource attribute (outbound mapping): Select a resource property in which to store the mapping output.

    • Lifecycle state: Select the lifecycle state of the mapping.

  6. To check that your mapping configuration works as expected, you can run a simulation.

  7. Click  Save mappings to save your configuration.

Use the buttons at the far right of the mapping list rows to delete, rename, or duplicate rules, and to access advanced mapping configuration.

Mapping types

For faster orientation, individual mappings are marked with icons that represent their type.
See advanced mapping configuration.

Table 1. Mapping type icons
Icon Mapping type

Standard mapping (Use for set to Undefined or All).

Mapping used for correlation (Use for set to Correlation).

Mapping used for synchronization (Use for set to Synchronization).

Mapping with Strength set to Strong.

Mapping with Strength set to Normal.

Mapping with Strength set to Weak.

Use AI to generate mappings

To configure mappings faster and more efficiently, use the midPoint AI assistant to generate mappings based on your resource and midPoint schema.

mapping enable ai
Figure 3. Enable AI assistant for mapping generation

  1. Click Suggestions Disabled to enable the AI assistant. If you have not yet configured any mappings, this toggle will not be visible, and you can continue to the next step.

  2. Click the Generate suggestions button to generate mapping suggestions based on the actual data in your resource. The AI assistant will prompt you to select the data you want to analyze, such as your schema. To ensure maximum security, no authentication credentials or passwords are shared in the process.

  3. Inspect the generated suggestions. Suggestions marked in blue are generated using heuristics based on the resource and midPoint schema, while those marked in purple are generated by the AI assistant. You will be able to see more details about the suggestions, such as used expressions, later after accepting them.

  4. Take action on the generated suggestions:

    • Accept them so that you can open them for editing. By accepting at this point, you are only accepting the mapping suggestions, and you still remain in control as you will be able to review and modify the suggested mappings before saving them.

    • Dismiss the suggestions if you do not want to use them at all.

      If you have dismissed some suggestions by mistake, or have made changes you are not happy with, you can always remove the corrupted mappings and click Re-generate to get new suggestions.

      mapping re generate
      Figure 4. Re-generate suggestions if you are not happy with the current ones. This will not affect any of the rules you have already accepted.
    Accept all suggestions so that you can review and edit them all at once.

  5. Once you have accepted or dismissed the suggestions, you can continue configuring the mappings.

  6. Save mappings to save your configuration when done.

Simulate mappings

After you set up your mappings, you can run a simulation to check how they work with the actual data in your resource.

mapping simulation
Figure 5. Run a mapping simulation

In mappings list, at the top of the page:

  1. Click Simulate.

  2. Select the environment you want to run the simulation in, and click Save and execute.

  3. Wait for the simulation to finish, and check the results.

    You can always review the simulation results in your mappings by clicking the dropdown menu for Simulate.

Attribute overrides

Attribute configuration can be overridden beyond the context of the mappings to give you more maneuvering space, for example to override the default connector behavior. Attribute overrides apply to any use of the overridden attributes; you cannot override an attribute only for outbound mappings, for instance.

Refer to Attribute Definitions and the nested articles for details.

To configure attribute overrides:

  1. In  Resources >  All Resources, select your resource.

  2. In  Accounts, click  Configure >  Mappings.

  3. Click Attribute overrides

  4. To add a new override, click Add override.

By default, all attributes that are or have been used in a mapping rule are listed on the attribute overrides screen.
Screen listing configured attribute overrides
Figure 6. List of configured attribute overrides

These are the options you can configure for an attribute override:

  • Ref: Select the attribute to override.

  • Display name: Specify the display name of the attribute.

  • Description: Define the description of the attribute.

  • Mandatory field: Specify if the attribute is mandatory (True) or not (False).

  • Multi-value field: Define if the attribute can contain multiple values (True) or only a single value (False).

  • Tolerant: Define whether values of a foreign origin are tolerated.

    • When an attribute is tolerant, midPoint will tolerate values it has not provisioned itself, e.g., those set directly in the resource.

    • When an attribute is not tolerant, midPoint will proactively remove during a reconciliation any value that that does not originate from midPoint.

  • Lifecycle state: Select the lifecycle state of the attribute.

Click  Save overrides to save your changes.

Use the buttons at the far right of the attribute override list rows to delete or duplicate overrides, and to access advanced attribute override configuration.

Limitations

Resource wizard has several limitations, such as:

MidPoint resource wizard can’t show or edit these features but tolerates them and keeps them untouched if you configure them in XML.

See also

Here are additional resources to explore:

Was this page helpful?
YES NO
Thanks for your feedback