SESSION CODE: SEC304
EXTENDING FOREFRONT IDENTITY MANAGER
Phil Whipps, Principal Consultant, CGI Australia
(c) 2011 Microsoft.

Agenda
► FIM 2010 Overview
► Portal Customisation
► Custom Applications – Silverlight Contractor Portal Demo
► PowerShell
► Workflows
► Application Integration – Twitter ECMA 2 Demo - @FIMTips
► HealthSMART Case Study

FIM 2010 Overview
[Diagram. Labels: Evolution, R2, User Management, Group Management, Credential Management, Policy Management; Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization]

FIM Extension Points
[Diagram]

FIM Customisations Portals
► Portal Theme – Corporate Logos & Style
► Portal Config / Search Scopes
► RCDCs – Create / Edit / View
► Schema – Custom resources & Attributes

FIM Customisations Custom - WS
► Web service APIs
► Multiple Endpoints
  – Create – Resource Factory
  – Edit / Delete – Resource
  – Alternate endpoint – Anonymous access
  – Security Token Service (STS)
► Additional uses
  – Client based application
  – Password reset
  – Web based application (Silverlight Demo)
  – ADFS attribute store

Demo: Silverlight Integration

FIM Customisations PowerShell
► FIMAutomation snap-in
  – Export-FIMConfig / Import-FIMConfig
  – ConvertFrom-FIMResource / ConvertTo-FIMResource
  – Join-FIMConfig
  – Compare-FIMConfig
► Migration Between Environments
► Bulk import or export
► FIM Scriptbox
► FIM PowerShell Commandlets

FIM Customisations PowerShell - Migration
[Flow diagram]
  – PROD Export, DEV Export
  – JOIN: joins matching objects
  – COMPARE: generates the deltas
  – IMPORT

FIM Customisations Workflows
► Custom business policy Integration
► Windows Workflow Foundation
► Activity (Service) / Activity Settings Part (Portal)
► Pass values to Workflow Parameters
► Authentication / Authorization / Action

FIM Customisations Workflows
[Diagram. Labels: Rights based MPR; Committed to Database]

FIM Customisations Workflows
► Synchronisation Service – No AuthN / AuthZ

Out Of the Box Activities
► Lockout Gate [AuthN]: Used by password registration to lock on too many failed attempts
► QA Gate [AuthN]: Question and Answers for password reset
► Function Evaluator [AuthZ / Action]: A handful of functions to be used in workflow
► Notification [AuthZ / Action]: Email a user, based on an email template
► Filter Validation [AuthZ]: List of “Allowed” attributes for Sets & Groups
► Group Validation [AuthZ]: Validates attributes on groups, e.g. must have alias on distribution lists
► Approval [AuthZ]: Send Approval email, based on an email template
► Password Reset [Action]: Resets the password for the user
► Synchronization Rule [Action]: Assigns an ERE to a Resource for Outbound Sync

Customisation - Workflow Activity
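
Returning to the PowerShell migration slide above (PROD export, DEV export, join, compare, import): the script below is an added example, not code from the presentation, that chains the FIMAutomation cmdlets named on the slide and holds the import until the delta has been reviewed. The file names, the join rules and the $ApproveImport switch are assumptions made for illustration.

```powershell
param([switch]$ApproveImport)   # pass only after the delta has been reviewed

# Assumption: run on a host with the FIMAutomation snap-in; file names are illustrative.
if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}

# EXPORT: run in each environment against its own FIM Service, then copy both
# files next to this script.
function Export-PolicyToFile([string]$Path) {
    $config = Export-FIMConfig -policyConfig -portalConfig -MessageSize 9999999
    if ($null -eq $config) { throw 'Export returned no objects.' }
    $config | ConvertFrom-FIMResource -file $Path
}
# Export-PolicyToFile 'dev_policy.xml'     (on DEV)
# Export-PolicyToFile 'prod_policy.xml'    (on PROD)

$dev  = ConvertTo-FIMResource -file 'dev_policy.xml'
$prod = ConvertTo-FIMResource -file 'prod_policy.xml'

# JOIN: pair each DEV object with its PROD counterpart. The attributes matched
# on are an assumption: schema objects by Name, everything else by DisplayName.
$joinRules = @{
    ObjectTypeDescription    = 'Name'
    AttributeTypeDescription = 'Name'
    BindingDescription       = 'BoundObjectType BoundAttributeType'
}
$joined = Join-FIMConfig -source $dev -target $prod -join $joinRules -defaultJoin DisplayName
if ($null -eq $joined) { throw 'Join failed; fix the join rules before continuing.' }

# COMPARE: generate the deltas and save them, so the reviewed file is what gets imported.
$changes = $joined | Compare-FIMConfig
if ($null -eq $changes) { throw 'Compare produced no change list.' }
$changes | ConvertFrom-FIMResource -file 'changes.xml'

# REVIEW: summarise the delta, then list changes to the objects that grant
# rights or run policy (MPRs, Sets, workflow definitions).
$changes | Group-Object ObjectType, State | Format-Table Count, Name -AutoSize
$changes | Where-Object { 'ManagementPolicyRule', 'Set', 'WorkflowDefinition' -contains $_.ObjectType } |
    Format-Table ObjectType, State, TargetObjectIdentifier -AutoSize

# IMPORT: apply the reviewed deltas to PROD. Import-FIMConfig returns whatever it could not apply.
if ($ApproveImport) {
    $undone = ConvertTo-FIMResource -file 'changes.xml' | Import-FIMConfig
    if ($undone) {
        $undone | ConvertFrom-FIMResource -file 'undone.xml'
        throw 'Import incomplete; unapplied changes saved to undone.xml.'
    }
}
```

Run it once without the switch to produce and inspect changes.xml, then again with -ApproveImport on the PROD side.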

FIM Customisations Extensible Management Agents
► Cookie cutter for application Integration
► Export / Import / Password sync
► Can be packaged and deployed to other Sync Servers
► Enterprise applications
► Cloud based services

FIM Management Agents
AD Domain Services | 2000, 2003, 2003 R2, 2008, 2008 R2 | Call-based
AD Lightweight Directory Services (ADLDS) | AD Lightweight Directory Services (ADLDS) | Call-based
AD Global Address List (GAL) | Exchange 2000, 2003, 2007, 2010 | Call-based
Attribute-Value Pair text file | Attribute-value pair text files | File-based
FIM Certificate Management | FIM 2010 Certificate Management | Call-based
Delimited text file | Delimited text files | File-based
Directory Services Mark-up Language (DSML) | Directory Services Markup Language (DSML) 2.0 | File-based
Fixed-Width text file | Fixed-width text files | File-based
FIM Service | Forefront Identity Manager 2010 | Call-based
IBM DB2 Universal Database | DB2 v9.1 or v9.5 | Call-based
IBM Directory Server | IBM Tivoli Directory Server 6.0 or 6.2 | Call-based
LDAP Data Interchange Format (LDIF) | LDAP Data Interchange Format (LDIF) | File-based
Lotus Notes | Lotus Notes Release v6.5 or v7.0 | Call-based
Novell eDirectory | Novell eDirectory version 8.7.3 or 8.8.5 | Call-based
Oracle Database | Oracle Database 10g, 11g (64 Bit) | Call-based
SAP R/3 | R/3 Enterprise (4.7) / mySAP 2004 (ECC 5.0) | File-based
Microsoft SQL Server | SQL Server 2000, 2005, 2008 | Call-based
Sun and Netscape Directory Servers | Sun Directory Server 5.x and 6.x | Call-based

FIM Customisations ECMA 2 Features
► Call based Import
► Batched Import & Export
► Schema / Partition discovery
► Customizable parameters & Interface
► Definable capabilities

FIM Customisations ECMA 2 Features
► String (RegEx validation)
► Label (descriptive text)
► String Encrypted
► Text (multi-line)
► Checkbox
► Divider
► Drop down
► File

Demo: ECMA 2 – Twitter Integration

HealthSMART Case study

NEXT STEPS
► FIM Extensibility Roadmap: http://msdn.microsoft.com/en-us/library/ff182370.aspx
► Portal Customisation: http://technet.microsoft.com/en-us/library/ee534913(WS.10).aspx
► Web Service: http://fim2010client.codeplex.com/
► FIM Script Box: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/807617bc-b560-4cbe-a137-b9f338bfbd8e/
► FIM PowerShell Cmdlets: http://fimpscmdlets.codeplex.com/
► Custom Workflow: http://msdn.microsoft.com/en-us/library/ee652258.aspx
► XMA 2.0: https://connect.microsoft.com/site433/fimcep
► FIM TIPs: http://www.fimtips.com (@FIMTips)