EXTENDING FOREFRONT IDENTITY MANAGER

Phil Whipps, Principal Consultant, CGI Australia

SESSION CODE: SEC304

Posted on 24-Dec-2015

(c) 2011 Microsoft. All rights reserved.

Agenda

► FIM 2010 Overview
► Portal Customisation
► Custom Applications
– Silverlight Contractor Portal Demo
► PowerShell
► Workflows
► Application Integration
– Twitter ECMA 2 Demo - @FIMTips
► HealthSMART Case Study

FIM 2010 Overview – Evolution (diagram)

Platform components: User Management, Group Management, Credential Management, Common Platform (Workflow, Connectors, Logging, Web Service API, Synchronization, Policy Management)

Capabilities: Identity Synchronization, User Provisioning, Certificate and Smartcard Management, Web based password reset

Capabilities: Office Integration for Self-Service, Declarative Provisioning, Group & DL Management, Workflow and Policy, Support for 3rd Party CAs

R2: Reporting, Simplified deployment and troubleshooting, Enhanced performance, Enhanced MA connectivity, Added language support

FIM Extension Points

PORTAL CUSTOMISATION – FIM Extension Points

FIM Customisations Portals

► Portal Theme
– Corporate Logos & Style
► Portal Config / Search Scopes
► RCDCs (Resource Control Display Configurations)
– Create / Edit / View
► Schema
– Custom resources & Attributes


CUSTOM APPLICATION – WS – FIM Extension Points

FIM Customisations Custom - WS

► Web service APIs
► Multiple Endpoints
– Create – Resource Factory
– Edit / Delete – Resource
– Alternate endpoint – Anonymous access
– Security Token Service (STS)
► Additional uses
– Client based application
– Password reset
– Web based application (Silverlight Demo)
– ADFS attribute store

Silverlight Integration (demo)

POWERSHELL – FIM Extension Points

FIM Customisations Powershell

► FIMAutomation snapin
– Export-FIMConfig / Import-FIMConfig
– ConvertFrom-FIMResource / ConvertTo-FIMResource
– Join-FIMConfig
– Compare-FIMConfig
► Migration Between Environments
► Bulk import or export
► FIM Scriptbox
► FIM Powershell Commandlets


FIM Customisations Powershell - Migration (diagram)

DEV Export + PROD Export → JOIN (joins matching objects) → COMPARE (generates the deltas) → IMPORT
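The export / join / compare / import migration shown above, as an added example (not the presenter's script) using the FIMAutomation cmdlets named on the slides; the two service URIs, the file names and the join-rule table are assumptions for illustration.

```powershell
# Added example (not the presenter's script): migrate FIM Service configuration
# from DEV to PROD with the FIMAutomation cmdlets named on the slides.
# Assumed: the two service URIs, the file names and the join-rule table below.
Add-PSSnapin FIMAutomation -ErrorAction Stop

$devUri  = "http://fim-dev:5725/ResourceManagementService"   # assumed
$prodUri = "http://fim-prod:5725/ResourceManagementService"  # assumed

# Person and Group objects are data, not configuration: leave them out of the export.
$policyFilter = "/*[not(self::Person or self::Group)]"

# 1. Export policy and portal configuration from both environments.
#    MessageSize is raised because a full export is larger than the default message size.
$dev  = Export-FIMConfig -Uri $devUri  -PolicyConfig -PortalConfig -CustomConfig $policyFilter -MessageSize 9999999
$prod = Export-FIMConfig -Uri $prodUri -PolicyConfig -PortalConfig -CustomConfig $policyFilter -MessageSize 9999999
$dev | ConvertFrom-FIMResource -File .\dev-policy.xml   # keep a copy of what was exported

# 2. Join matching objects: per object type, the attribute that identifies the
#    same object in both environments (DisplayName unless listed here).
$joinRules = @{
    Person                           = "AccountName"   # Sets may reference people
    Group                            = "AccountName"
    ObjectVisualizationConfiguration = "DisplayName"   # RCDCs
    ManagementPolicyRule             = "DisplayName"
    Set                              = "DisplayName"
    WorkflowDefinition               = "DisplayName"
}
$matches = Join-FIMConfig -Source $dev -Target $prod -Join $joinRules -DefaultJoin DisplayName

# 3. Compare generates the deltas (creates, updates, deletes) that PROD needs.
#    Write them to a file so the change set can be reviewed before it is imported.
$changes = $matches | Compare-FIMConfig
$changes | ConvertFrom-FIMResource -File .\changes.xml
Write-Host ("{0} change(s) written to changes.xml for review" -f @($changes).Count)

# 4. Import the reviewed deltas into PROD. Import-FIMConfig returns the changes it
#    could not apply, so a non-empty result needs attention before re-running.
$pending = ConvertTo-FIMResource -File .\changes.xml
$undone  = $pending | Import-FIMConfig -Uri $prodUri
if ($undone) {
    $undone | ConvertFrom-FIMResource -File .\undone.xml
    Write-Warning ("{0} change(s) not applied; see undone.xml" -f @($undone).Count)
}
```

Running the export on each server and moving only the XML files between environments gives the same result when the DEV and PROD services are not reachable from one host.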


CUSTOM WORKFLOWS – FIM Extension Points

FIM Customisations Workflows

► Custom business policy Integration

► Windows Workflow Foundation

► Activity (Service) / Activity Settings Part (Portal)

► Pass values to Workflow Parameters

► Authentication / Authorization / Action

FIM Customisations Workflows (diagram)

► Rights based MPR
► Committed to Database

FIM Customisations Workflows (diagram)

► Synchronisation Service – No AuthN / AuthZ

Out Of the Box Activities

Activity Name | Type | Description
Lockout Gate | AuthN | Used by password registration to lock out after too many failed attempts
QA Gate | AuthN | Question and Answers for password reset
Function Evaluator | AuthZ / Action | A handful of functions to use in workflows
Notification | AuthZ / Action | Email a user, based on an email template
Filter Validation | AuthZ | List of “Allowed” attributes for Sets & Groups
Group Validation | AuthZ | Validates attributes on groups, e.g. must have alias on distribution lists
Approval | AuthZ | Send approval email, based on an email template
Password Reset | Action | Resets the password for the user
Synchronization Rule | Action | Assigns an ERE (Expected Rule Entry) to a Resource for Outbound Sync

Customisation - Workflow Activity

EXTENSIBLE MANAGEMENT AGENTS – FIM Extension Points

FIM Customisations Extensible Management Agents

► Cookie cutter for application Integration

► Export / Import / Password sync

► Can be packaged and deployed to other Sync Servers

► Enterprise applications

► Cloud based services

FIM Management Agents

Management Agent | Versions Supported | Type
AD Domain Services | 2000, 2003, 2003 R2, 2008, 2008 R2 | Call-based
AD Lightweight Directory Services (ADLDS) | AD Lightweight Directory Services (ADLDS) | Call-based
AD Global Address List (GAL) | Exchange 2000, 2003, 2007, 2010 | Call-based
Attribute-Value Pair text file | Attribute-value pair text files | File-based
FIM Certificate Management | FIM 2010 Certificate Management | Call-based
Delimited text file | Delimited text files | File-based
Directory Services Mark-up Language (DSML) | Directory Services Markup Language (DSML) 2.0 | File-based
Fixed-Width text file | Fixed-width text files | File-based
FIM Service | Forefront Identity Manager 2010 | Call-based
IBM DB2 Universal Database | DB2 v9.1 or v9.5 | Call-based
IBM Directory Server | IBM Tivoli Directory Server 6.0 or 6.2 | Call-based
LDAP Data Interchange Format (LDIF) | LDAP Data Interchange Format (LDIF) | File-based
Lotus Notes | Lotus Notes Release v6.5 or v7.0 | Call-based
Novell eDirectory | Novell eDirectory version 8.7.3 or 8.8.5 | Call-based
Oracle Database | Oracle Database 10g, 11g (64 Bit) | Call-based
SAP R/3 | R/3 Enterprise (4.7) / mySAP 2004 (ECC 5.0) | File-based
Microsoft SQL Server | SQL Server 2000, 2005, 2008 | Call-based
Sun and Netscape Directory Servers | Sun Directory Server 5.x and 6.x | Call-based


FIM Customisations ECMA 2 Features

► Call based Import

► Batched Import & Export

► Schema / Partition discovery

► Customizable parameters & Interface

► Definable capabilities


FIM Customisations ECMA 2 Features

► String (RegEx validation)
► Label (descriptive text)
► String Encrypted
► Text (multi-line)
► Checkbox
► Divider
► Drop down
► File

ECMA 2 – Twitter Integration (demo)

HealthSMART Case study

NEXT STEPS – FIM Extensibility Roadmap

FIM Extensibility Roadmap: http://msdn.microsoft.com/en-us/library/ff182370.aspx

Portal Customisation: http://technet.microsoft.com/en-us/library/ee534913(WS.10).aspx

Web Service: http://fim2010client.codeplex.com/

FIM Script Box: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/807617bc-b560-4cbe-a137-b9f338bfbd8e/

FIM Powershell Cmdlets: http://fimpscmdlets.codeplex.com/

Custom Workflow: http://msdn.microsoft.com/en-us/library/ee652258.aspx

XMA 2.0: https://connect.microsoft.com/site433/fimcep

FIM Tips: http://www.fimtips.com (@FIMTips)

Enrol in Microsoft Virtual Academy Today

Why Enroll, other than it being free? The MVA helps improve your IT skill set and advance your career with a free, easy to access training portal that allows you to learn at your own pace, focusing on Microsoft technologies.

What Do I get for enrolment?
► Free training to make you become the Cloud-Hero in your Organization
► Help mastering your Training Path and get the recognition
► Connect with other IT Pros and discuss The Cloud

Where do I Enrol?

www.microsoftvirtualacademy.com

Then tell us what you think. TellTheDean@microsoft.com

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Resources

www.msteched.com/Australia – Sessions On-Demand & Community

http://technet.microsoft.com/en-au – Resources for IT Professionals

http://msdn.microsoft.com/en-au – Resources for Developers

www.microsoft.com/australia/learning – Microsoft Certification & Training Resources