Data Ownership and Source Mapping

This page explains which connected source is authoritative for which identity data and how source mappings are defined in the Identity Operations Platform.

The focus is on practical customer operation, especially for deployments that use OpenText Advanced Authentication together with directory sources.

Terminology

• Operator: an authenticated person who performs actions in the platform.
• Managed Identity: the target identity/account handled by identity operations.
• User Source: a connected upstream system.
• Source Mapping: a defined mapping between one source context and another source context.

Why Ownership Matters

In multi-source identity environments, each source usually owns only part of the full identity context. Clear ownership avoids:

• conflicting updates
• inconsistent identity views
• unclear operational responsibility

The Identity Operations Platform therefore treats data ownership as explicit, not implicit.

Leading Source Principles

The platform applies these principles:

1. One authoritative source per data domain
   Every data element is owned by a defined source context.

2. Map before merge
   Data is only consolidated across sources when an explicit source mapping exists.

3. Preserve source boundaries
   Consolidation creates an operational view, but does not remove source ownership boundaries.

4. Decision-time consistency
   Operational decisions can use current source state so actions align with the latest authoritative data.

OpenText Advanced Authentication-Centric Model

For many customer setups, OpenText Advanced Authentication is the entry point for authentication and repository context, while directory services provide directory-specific identity data.

Typical ownership split:

Data Aspect	Leading Source (Typical)
Operator sign-in context	OpenText Advanced Authentication
Repository context / source assignment	OpenText Advanced Authentication
Directory identity attributes	Active Directory or LDAP
Directory group memberships	Active Directory or LDAP
Directory account state attributes	Active Directory or LDAP

This model keeps authentication and directory governance clearly separated while still allowing one consolidated operational view.

How Source Mapping Works

A source mapping defines which directory source belongs to a specific repository context from OpenText Advanced Authentication.

Operationally, this means:

1. OpenText Advanced Authentication identifies the relevant repository context.
2. The platform resolves the configured source mapping for that context.
3. The mapped directory source provides directory-owned identity and group data.
4. The platform combines these data domains into one managed operational view.

Without a source mapping, cross-source consolidation is intentionally limited.

Customer Design Guidance

To keep behavior predictable, customers should:

1. Define ownership per data domain before go-live.
2. Keep source mappings explicit and documented per repository context.
3. Avoid overlapping ownership for the same identity attribute across multiple sources.
4. Validate source mappings during onboarding and after topology changes.
5. Reconfirm ownership and mapping assumptions during major integration updates.

Summary

The Identity Operations Platform uses explicit ownership and explicit source mappings to consolidate identity data safely. With OpenText Advanced Authentication as authentication context and mapped directory sources as directory context, customers get a clear and governable operating model for identity operations.