Overview#Identity Cube is a concept use by SailPoint to represent a Digital Subject.
Identity Attributes are essential to a functional SailPoint IIQ installation. SailPoint IIQ represents users by Identity Cubes. Identity Cubes are a correlated collection of all the Digital Identity and entitlements that represent a single user in the real world.
Identity Attributes are created by directly mapping a list of Attribute Value from various sources or derived through rules or mappings.
Take First Name and last name as an example. First name is references in almost every application, but the Identity Cube can only have 1 First Name. To make sure that Identity Cube have an assigned First Name, a hierarchical-data map is created to assign the Identity Attribute. When refreshing the Identity Cubes, IIQ will look for the first matching value in the map and use that as the Identity attribute. The hierarchy may look like the following:
- If firstname exist in PeopleSoft use that.
- If not, then use the givenName in Microsoft Active Directory.
- If that doesn’t exist, use the givenName in LDAP. Etc.