Jun 24, 2012

Introduction: Microsoft Forefront Identity Manager (FIM) 2010

Guys, there’s something that I want to share with all of you. I wrote this in my own style, and I hope you enjoy the entire article. In the next couple of posts I’ll write about Microsoft Forefront Identity Manager (FIM) 2010 from a developer’s perspective. I’m a .NET developer, remember? Of course I will write this from my point of view.

Microsoft Forefront Identity Manager is the new name for Identity Lifecycle Manager, which was officially named Identity Lifecycle Manager (ILM) 2007. It is software specialized in exporting and importing data from one data source to another; more specifically, from an attribute in one source to an attribute in another. Imagine a big company that has several data sources for employee identity: Active Directory and Exchange for email and logins, an HR system for employee data, maybe a site portal with a different kind of user data, plus a telephony system that holds the extension numbers of all employees. If they want to combine the data from all of these sources and deploy it to another data source such as Active Directory, they may need this software, and you may use it (and sell services) for them. I don’t know exactly what this software costs, but in the next articles, again, I just want to share from a .NET developer’s perspective, nothing else.

In the 2010 version, there is a big change from Identity Lifecycle Manager 2007. Now we can export and import to a new Management Agent (MA) named FIM Portal. This portal also works as the UI for FIM. We can specify attribute imports and exports, define rules, create attributes, and change some security settings so that users can also create an identity by accessing this portal. I won’t discuss FIM Portal further, as I still need to explore it. Actually it’s pretty “friendly” compared to the console application, which is not good for an inexperienced user like me. But if you miss a configuration, your FIM Portal sync won’t work, even if you have otherwise made a good configuration. There is also a performance consideration with FIM Portal when you try to sync more than 5000 users: it syncs additional objects called Detected Rule Entry (DRE) and Expected Rule Entry (ERE), and there will always be more than one of these per user! If you use only the console, you won’t get a GUI, it is not as friendly as the portal, and there is no expanded functionality, but it’s really easy to configure and to code.

Here’s the list of upcoming articles; each title will change to a link once I’ve published the article for it:

  • Forefront Identity Manager - Understand How it Works

  • Forefront Identity Manager - Sync Methods

  • Forefront Identity Manager - Management Agent Configurations

  • Forefront Identity Manager - Creating Custom Management Agent

  • Forefront Identity Manager - Creating Custom Rule Extension

  • Forefront Identity Manager - Creating Custom Password Sync Rule

Guys, at last I’m pretty confident to write this article, and I really appreciate your comments. Again, I’m not a system engineer, nor a FIM expert, just a .NET app developer. So sorry if there are any mistakes in the next couple of articles, and please do comment on this, so I can make quick changes if necessary. I also intend to take some quotes from some sites, including Microsoft.com, and I’ll give them to you at the end of the articles.