VIS can join directories in multiple ways based upon your needs. For example, users from separate directories can be joined together, providing a consolidated union of users from all connected directories.
If the same user exists in more than one directory, VIS can merge attributes across the multiple directories into a single joined object. VIS can be configured to select which attributes are used from each of the connected directories.
Union Mode
Union Mode provides a combination or collection of the objects from all connected source directories. Users from all connected data sources are joined or "unioned" together into a single combined view. This is useful when user identities are unique and do not overlap within the directories, such as an internal directory and an external directory.
Join Rules
Join rules are used for the other two operating modes of VIS, Object Precedence Mode and Attribute Precedence Mode.
VIS uses join rules to determine whether an object is the "same" object in another directory. This "same" object may have different data attributes in each directory (telephone number, for example), but in reality it is the same basic object/entity.
Even though this applies to multiple object types, the easiest example is to consider user objects. In many companies a user's identity exists in multiple directories. VIS determines that it is the same "user" based on join rules, which are configured on user attributes.
For example, if you set a join rule based on EmployeeID, then VIS would know that all user objects that contain the same EmployeeID are the same "identity". Join rules are configured on an object class by object class basis. Once VIS determines that a given object is a joined object, how it manages that object is determined by the mode (either OP or AP).
Object Precedence (OP) Mode
Object Precedence Mode provides an authoritative order at a directory level. This is useful when user identities are contained in multiple directories. In this configuration, VIS will return the user object contained in a given directory based on a search or precedence order.
For example, in the diagram below Gary Thoms exists both in the Internal and External directory. In this use case we have configured VIS to always return the user object from the Internal directory if a user exists in each of the directories.
Attribute Precedence (AP) Mode
Attribute Precedence Mode provides a merged view of joined objects. This is useful when user identities are contained in multiple directories and you would like to return attributes that are authoritative in different directories.
For example, in the diagram below Gary Thoms exists both in the Internal and External directory. In this use case we have configured VIS to return the attributes Givenname and SN from Internal directory and sAMAccountName and HealthID from External directory for any joined users.
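The three modes can be compared side by side with a small model. This is an added illustration, not VIS code or VIS configuration syntax: the function names, the directory contents and every attribute value are constructed, and the handling of objects that exist in only one directory (returned as-is) is an assumption.

```python
# Illustrative model of the join modes described above; not VIS code.
# Constructed sample data. Every object is assumed to carry the join attribute.
INTERNAL = [
    {"EmployeeID": "1001", "Givenname": "Gary", "SN": "Thoms",
     "sAMAccountName": "gthoms"},
    {"EmployeeID": "1002", "Givenname": "Ana", "SN": "Ruiz",
     "sAMAccountName": "aruiz"},
]
EXTERNAL = [
    {"EmployeeID": "1001", "Givenname": "G.", "SN": "Thoms",
     "sAMAccountName": "gary.thoms", "HealthID": "H-77"},
    {"EmployeeID": "2001", "Givenname": "Lee", "SN": "Park",
     "sAMAccountName": "lpark", "HealthID": "H-12"},
]
DIRECTORIES = {"Internal": INTERNAL, "External": EXTERNAL}

def union(directories):
    """Union Mode: every object from every directory, with no joining."""
    return [dict(obj, _source=name)
            for name, objs in directories.items() for obj in objs]

def group_by_join_rule(directories, join_attr):
    """Join rule: objects sharing join_attr are treated as one identity."""
    groups = {}
    for name, objs in directories.items():
        for obj in objs:
            groups.setdefault(obj[join_attr], {})[name] = obj
    return groups

def object_precedence(directories, join_attr, order):
    """OP Mode: return the whole object from the first directory in order."""
    result = {}
    for key, by_dir in group_by_join_rule(directories, join_attr).items():
        winner = next(d for d in order if d in by_dir)
        result[key] = dict(by_dir[winner], _source=winner)
    return result

def attribute_precedence(directories, join_attr, attr_sources):
    """AP Mode: build each joined object attribute by attribute."""
    result = {}
    for key, by_dir in group_by_join_rule(directories, join_attr).items():
        if len(by_dir) < 2:  # assumption: unjoined objects pass through
            result[key] = dict(next(iter(by_dir.values())))
            continue
        merged = {join_attr: key}
        merged.update({a: by_dir[s][a] for a, s in attr_sources.items()
                       if a in by_dir[s]})
        result[key] = merged
    return result
```

With this data, Union Mode returns Gary Thoms twice because his identity overlaps, OP Mode with Internal first returns his Internal object without HealthID, and AP Mode returns Givenname and SN from Internal alongside sAMAccountName and HealthID from External.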