In this video tutorial, we will follow a fictive company called “The Company”, as it implements a complete Identity Management solution, helping you to understand the implementation of an IdM solution based on FIM 2010 R2. We will go the whole nine yards, from installing FIM 2010 R2 to implementing synchronization, workflows, and self-service features.
Using FIM 2010 R2, The Company will help guide your efforts to modernize your Identity Management solution by showing you how to implement both automation and self-service functionality.
Using the HR system as a master system for users, The Company will be able to automate account management in their Active Directory. Adding self-service will help people help themselves by enabling them to be productive again, for example, if users forget their password or want to join groups without the need to call the helpdesk.
This video course will open your mind to the possibilities of FIM 2010 R2.
Installing SPF 2013 to be used by FIM requires some special installation steps and configurations.
The main problem with the FIM service accounts is the Kerberos configuration required for the final solution to work.
If we do not use SQL aliases, we will have difficulty in moving between test and production and scaling the solution by moving databases if required.
Discussing the different choices given during the synchronization service installation.
Discussing the different choices given during the service and portal installation.
The FIM Service MA is a special MA that requires some special configuration.
Deciding the parts of AD as well as the objects and attributes managed by FIM is often a challenge when designing a FIM solution.
The Run Profiles available to use for a connected system will decide how fast changes can be propagated through the FIM system.
Managing the FIM Service schema and the FIM synchronization service schema is sometimes challenging.
Structuring the data from our HR system to fit the needs of FIM will increase the usability of our HR data.
FIM has the ability to provision new users in AD by just selecting a few check boxes.
Using the built-in bit operation functions in FIM helps us manage attributes such as userAccountControl.
If you have Exchange, you can add creation of mailboxes to your FIM solution.
In AD, the group object has its groupType attribute, which needs to be mapped to corresponding settings in FIM.
FIM can manage organizational unit objects but can map these to groups in AD.
By default, group management is disabled in FIM. We also need to make sure that attributes used in dynamic groups are configured in FIM.
Defining who should be allowed to do what in FIM becomes an important question as soon as we allow some self-service.
Deploying the Outlook Add-in and training users how to work with groups might be a challenge with FIM.
Making sure that all the required attributes are in place is one problem; the other is to have the correct MPRs activated.
The problem is to define who should have access to the SSPR feature and how they should authenticate.
The problem is to define who and which attributes to allow users to manage.
The problem is that the operations the helpdesk needs to perform require some customization of the FIM UI and policies.
There is no WYSIWYG editor to modify the look and feel of the portal. All changes have to be made to the configuration and XML files.
Building your own WF activity can be challenging. There are similar activities available from third-party suppliers or as open source.
FIM lacks functions to convert some data types. Using a few lines of code in a classic rules extension usually solves this problem.
If you need FIM to connect to a system for which no management agent is available, a PowerShell MA might be an easy way to solve the problem.
Depending on the version of SCSM, the installation requires different updates to FIM.
The initial data jobs required, before we get any data in the reports, might take a long time.
The problem with viewing the reports is to know how to filter the results to get the expected data.
Permissions need to be set in SQL Reporting, and making a custom UI modification in the FIM Portal requires special MPRs.
Prerequisites are much more complex than the actual installation of FIM CM.
There are many steps in the Configuration Wizard, and it is easy to make some minor mistakes that will cause you to start the process again.
The CA needs to have the correct SQL and Signing Certificate information.
The FIM CM profile templates are very complex and rely on a number of permissions in AD as well.
Packt has been committed to developer learning since 2004. A lot has changed in software since then, but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live, and how to put them to work.
With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages to cutting-edge data analytics and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you to develop and future-proof your career to immediate solutions to everyday tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.