EXTENDING FOREFRONT IDENTITY MANAGER Phil Whipps Principal Consultant CGI Australia SESSION CODE:...

(c) 2011 Microsoft. All rights reserved.

EXTENDING FOREFRONT IDENTITY MANAGER

Phil WhippsPrincipal ConsultantCGI Australia

SESSION CODE: SEC304


Agenda

► FIM 2010 Overview► Portal Customisation► Custom Applications– Silverlight Contractor Portal Demo

► PowerShell► Workflows► Application Integration– Twitter ECMA 2 Demo - @FIMTips

► HealthSMART Case Study

FIM 2010 OverviewEvolution

Office Integration for Self-ServiceDeclarative ProvisioningGroup & DL ManagementWorkflow and PolicySupport for 3rd Party CAs

User Mgmt

GroupMgmt

Credential Management

Common PlatformWorkflow

ConnectorsLogging

Web Service APISynchronization

PolicyManagement

Identity SynchronizationUser Provisioning Certificate and Smartcard Management Web based password reset

ReportingSimplified deployment and troubleshootingEnhanced performanceEnhanced MA connectivityAdded language support

User Management

GroupManagement

Credential Management

Common PlatformWorkflow

ConnectorsLogging

Web Service APISynchronization Policy

Management

R2


FIM Extension Points


PORTAL CUSTOMISATIONFIM Extension Points

FIM Customisations Portals

► Portal Theme– Corporate Logos & Style

► Portal Config / Search Scopes► RCDC’s– Create / Edit / View

► Schema– Custom resources & Attributes


FIM Customisations Portals



CUSTOM APPLICATION -WS



FIM Customisations Custom - WS

► Web service APIs

► Multiple Endpoints– Create – Resource Factory– Edit / Delete – Resource – Alternate endpoint – Anonymous access– Security Token Service (STS)

► Additional uses– Client based application– Password reset– Web based application (Silverlight Demo)– ADFS attribute store

Silverlight Integration

demo


POWERSHELLFIM Extension Points


FIM Customisations Powershell

► FIMAutomation snapin– Export-FIMConfig / Import-FIMConfig– ConvertFrom-FIMResource / ConvertTo-FIMResource– Join-FIMConfig– Compare-FIMConfig

► Migration Between Environments

► Bulk import or export

► FIM Scriptbox

► FIM Powershell Commandlets


DEVExport

PRODExport

JOIN

COMPARE

IMPORT

Generates the deltas

Joins matching objects

FIM Customisations Powershell - Migration


FIM Customisations Powershell


CUSTOM WORKFLOWSFIM Extension Points


FIM Customisations Workflows

► Custom business policy Integration

► Windows Workflow Foundation

► Activity (Service) / Activity Settings Part (Portal)

► Pass values to Workflow Parameters

► Authentication / Authorization / Action



Committed to DatabaseRights based MPR



Synchronisation Service – No AuthN / AuthZ


Out Of the Box ActivitiesActivity Name Type Description

Lockout Gate AuthNUsed by password registration to lock on to many failed

attempts

QA Gate AuthN Question and Answers for password reset

Function Evaluator AuthZ / ActionA handful of functions to used in workflow

Notification AuthZ / ActionEmail a user – based on an email template

Filter Validation AuthZ List of “Allowed” attributes for Sets & Groups

Group Validation AuthZValidates attributes on groups – eg must have alias on

distribution lists

Approval AuthZ Send Approval email – based on an email template

Password Reset Action Resets the password for the user

Synchronization Rule Action Assigns an ERE to a Resource for Outbound Sync

Customisation - Workflow Activity


EXTENSIBLE MANAGEMENT AGENTS



FIM Customisations Extensible Management Agents

► Cookie cutter for application Integration

► Export / Import / Password sync

► Can be packaged and deployed to other Sync Servers

► Enterprise applications

► Cloud based services

FIM Management AgentsManagement Agent Versions Supported Type

AD Domain Services 2000, 2003, 2003 R2, 2008, 2008 R2 Call-based

AD Lightweight Directory Services (ADLDS) AD Lightweight Directory Services (ADLDS) Call-based

AD Global Address List (GAL) Exchange 2000, 2003, 2007, 2010 Call-based

Attribute-Value Pair text file Attribute-value pair text files File-based

FIM Certificate Management FIM 2010 Certificate Management Call-based

Delimited text file Delimited text files File-based

Directory Services Mark-up Language (DSML) Directory Services Markup Language (DSML) 2.0 File-based

Fixed-Width text file Fixed-width text files File-based

FIM Service Forefront Identity Manager 2010 Call-based

IBM DB2 Universal Database DB2 v9.1 or v9.5 Call-based

IBM Directory Server IBM Tivoli Directory Server 6.0 or 6.2 Call-based

LDAP Data Interchange Format (LDIF) LDAP Data Interchange Format (LDIF) File-based

Lotus Notes Lotus Notes Release v6.5 or v7.0 Call-based

Novell eDirectory Novell eDirectory version 8.7.3 or 8.8.5 Call-based

Oracle Database Oracle Database 10g, 11g (64 Bit) Call-based

SAP R/3 R/3 Enterprise (4.7) / mySAP 2004 (ECC 5.0) File-based

Microsoft SQL Server SQL Server 2000, 2005, 2008 Call-based

Sun and Netscape Directory Servers Sun Directory Server 5.x and 6.x Call-based


FIM Customisations ECMA 2 Features

► Call based Import

► Batched Import & Export

► Schema / Partition discovery

► Customizable parameters & Interface

► Definable capabilities



► String (RegEx validation)► Label (descriptive text)► String Encrypted► Text (multi-line)► Checkbox► Divider► Drop down► File

ECMA 2 – Twitter Integration

demo


HealthSMART Case study


NEXT STEPSFIM Extensibility Roadmap

http://msdn.microsoft.com/en-us/library/ff182370.aspx

Portal Customisationhttp://technet.microsoft.com/en-us/library/ee534913(WS.10).aspx

Web Servicehttp://fim2010client.codeplex.com/

FIM Script Boxhttp://social.technet.microsoft.com/Forums/en-US/ilm2/thread/807617bc-b560-4cbe-a137-b9f338bfbd8e/

FIM Powershell Cmdletshttp://fimpscmdlets.codeplex.com/

Custom Workflowhttp://msdn.microsoft.com/en-us/library/ee652258.aspx

XMA 2.0https://connect.microsoft.com/site433/fimcep

FIM TIPshttp://www.fimtips.com@FIMTips

Enrol in Microsoft Virtual Academy TodayWhy Enroll, other than it being free?The MVA helps improve your IT skill set and advance your career with a free, easy to access training portal that allows you to learn at your own pace, focusing on Microsoft technologies.

What Do I get for enrolment?► Free training to make you become the Cloud-Hero in my Organization► Help mastering your Training Path and get the recognition► Connect with other IT Pros and discuss The Cloud

Where do I Enrol?

www.microsoftvirtualacademy.com

Then tell us what you think. [email protected]

http://www.microsoftvirtualacademy.com/Home.aspx?WT.mc_id=otc-n-au-jtc-DPR-40787


© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this

presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


www.msteched.com/Australia

Sessions On-Demand & Community

http:// technet.microsoft.com/en-au

Resources for IT Professionals

http://msdn.microsoft.com/en-au

Resources for Developers

www.microsoft.com/australia/learning

Microsoft Certification & Training Resources

Resources

http://www.msteched.com/Australia

http://technet.microsoft.com/en-au







http://www.microsoft.com/australia/learning

EXTENDING FOREFRONT IDENTITY MANAGER Phil Whipps Principal Consultant CGI Australia SESSION CODE:...

Documents

Transcript of EXTENDING FOREFRONT IDENTITY MANAGER Phil Whipps Principal Consultant CGI Australia SESSION CODE:...