I was asked today to implement notification emails on changes to certain groups. Like many situations with the FIM Portal this turned out to be trickier than expected. A number of the groups are criteria-based so don’t actually have a member attribute as such. With no member-update request happening there’s nothing to actually trigger a…
Category: MPR
FIM Best Practice: Separate Grants Permission from Workflow MPRs
MPRs should either have “Grants Permission” ticked, or they should trigger Workflows, but preferably not both.
Archiving Requests and Approvals by Email
I just had a request to do with auditing activity in the FIM Portal, and as the solution was quite neat and easy to implement I thought I’d share it. The security team need to archive information about who makes changes in AD and other applications, and now they need to be able to audit…
A Script to make FIM Policy “Self-Documenting”
There’s an ongoing problem with maintaining a system that has all the configuration possibilities of FIM. Documentation is usually out of date the moment it’s written and it’s a cumbersome way to try and understand a system anyway. One thing that can at least make your Policy configuration a bit easier to understand is to…
A best practice for MPRs – separate Grants Permission from Workflow
In my current project I’ve created around 40 Workflows and over 80 MPRs – and this is just phase one! In an effort to keep things tidy I’ve been using naming conventions and a consistent design approach, and one thing I found myself doing was separating MPRs that grant permissions from MPRs that run Workflows.
Authorization after an Action
Something that has come up from time to time on the FIM forum is the need to trigger an AuthZ workflow based on some change made by an Action workflow (or by the Sync Service). This is not possible in the FIM Service today and I don’t see any evidence that it will be possible in the…