Marking an account schema attribute as managed does not mean the attribute can be edited in IdentityIQ. In IdentityIQ application schema configuration, a managed attribute is one whose values are promoted into IdentityIQ as governable access objects, commonly represented in the entitlement catalog. This allows IdentityIQ to attach governance metadata to the discovered values, such as display name, description, owner, requestability, classification, and review-related context.
Editability is controlled through different mechanisms, including provisioning policies, forms, workflows, connector capabilities, and provisioning plan operations. An attribute may be managed for governance purposes without being directly editable by a user in IdentityIQ. Conversely, an attribute may be populated during provisioning if the application connector and provisioning policy support it, but that is separate from the schema’s managed designation.
The managed setting is therefore about governance, cataloging, and access modeling, not direct modification. It enables IdentityIQ to treat values of that schema attribute as objects that can be reviewed, requested, certified, described, and owned.
Reference topics: Applications — account schema attributes and their functions; Access Modeling — entitlement catalog; Governance — certifications; Provisioning — provisioning policies and attribute handling.
