Adventures in identity management
I’ve been struggling lately with poor SQL performance in a Test environment and I’m pretty sure that has been causing an intermittent problem with objects not transitioning in to Sets and Groups straight away. They all get sorted out when the FIMTemporalEvents job runs overnight – but that’s not very comforting to the testers who…
I’ve been confusing myself no end with temporal set rules and I’ve finally figured out it’s because I thought “today” meant what it sounds like – whereas in fact it means “now”.
I noticed that I couldn’t use a particular attribute in search or set filters. While this can be caused by filter validation I always disable those MPRs (“General workflow: Filter attribute validation for administrator” and “General workflow: Filter attribute validation for non-administrators”) so that never causes me a problem. In this case it turned out…
I just had a request to do with auditing activity in the FIM Portal, and as the solution was quite neat and easy to implement I thought I’d share it. The security team need to archive information about who makes changes in AD and other applications, and now they need to be able to audit…
There’s an ongoing problem with maintaining a system that has all the configuration possibilities of FIM. Documentation is usually out of date the moment it’s written and it’s a cumbersome way to try and understand a system anyway. One thing that can at least make your Policy configuration a bit easier to understand is to…
Something that has come up from time to time on the FIM forum is the need to trigger an AuthZ workflow based on some change made by an Action workflow (or by the Sync Service). This is not possible in the FIM Service today and I don’t see any evidence that it will be possible in the…
The other day I was helping a colleague with a workflow that wasn’t working. He had a number of “Set Transition” MPRs that were behaving as expected – except for one. Eventually the penny dropped – it was because the transition set was based on a datetime attribute – a “Temporal Set”.
The account you use to install the FIM Portal becomes its built-in administrator account. I believe this account should be treated with extra care, so here are a few of my personal best practices. Please do comment and add your own tips if you have a different perspective to share.
Post deleted because it was a lot easier than I thought! See comments below.
I’ve been creating lots of Sets lately. Lots and lots. I created over 400 of them and there are around 40k objects in the system. At TEC I found out that no one else seems to have created quite so many Sets so here are my observations.