Microsoft Forefront Identity Manager 2010 R2 Handbook

Book description

This is the only reference you need to implement and manage Microsoft Forefront Identity Manager in your business. It takes you from design to configuration in logical steps, and even covers basic Certificate Management and troubleshooting.

  • A comprehensive handbook that takes you through how to implement and manage FIM 2010 R2
  • Includes how to implement a complete FIM 2010 R2 infrastructure
  • Covers codeless identity management using FIM 2010 R2

In Detail

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems.

The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement self-service parts. This book also covers basic Certificate Management and troubleshooting.

Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure including both test and production environment. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail.

With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able to implement and manage FIM 2010 R2 almost effortlessly.

Table of contents

  1. Microsoft Forefront Identity Manager 2010 R2 Handbook
    1. Table of Contents
    2. Microsoft Forefront Identity Manager 2010 R2 Handbook
    3. Credits
    4. About the Author
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. The Story in this Book
      1. The Company
      2. The challenges
        1. Provisioning of users
        2. Identity lifecycle procedures
        3. Highly Privileged Accounts (HPA)
        4. Password management
        5. Traceability
      3. The solutions
        1. Implement FIM 2010 R2
        2. Start using smart cards
        3. Implement federation
      4. The environment
      5. Moving forward
      6. Summary
    9. 2. Overview of FIM 2010 R2
      1. The history of FIM 2010 R2
      2. FIM Synchronization Service (FIM Sync)
        1. Management Agents
        2. Non-declarative vs. declarative synchronization
        3. Password synchronization
        4. FIM Service Management Agent
      3. FIM Service
        1. Request pipeline
        2. FIM Service Management Agent
        3. Management Policy Rules (MPRs)
      4. FIM Portal
        1. Self Service Password Reset (SSPR)
      5. FIM Reporting
      6. FIM Certificate Management (FIM CM)
        1. Certificate Management portal
      7. Licensing
      8. Summary
    10. 3. Installation
      1. Development versus production
      2. Capacity planning
      3. Separating roles
        1. Databases
        2. FIM features
      4. Hardware
      5. Installation order
      6. Prerequisites
        1. Databases
          1. Collation and languages
          2. SQL aliases
          3. FIM-Dev
          4. SQL
          5. SCSM
        2. Web servers
          1. FIM Portal
          2. FIM Password Reset
          3. FIM Certificate Management
        3. Service accounts
        4. Kerberos configuration
          1. SETSPN
          2. Delegation
        5. System Center Service Manager Console
      7. Installation
        1. FIM Synchronization Service
        2. FIM Service and FIM Portal
        3. FIM Password Reset portal
        4. FIM Certificate Management
        5. SCSM management
        6. SCSM Data Warehouse
      8. Post-installation configuration
        1. Granting FIM Service access to FIM Sync
        2. Securing the FIM Service mailbox
        3. Disabling indexing in SharePoint
        4. Redirecting to IdentityManagement
        5. Enforcing Kerberos
        6. Editing binding in IIS for FIM Password sites
        7. Registering SCSM Manager in Data Warehouse
        8. FIM post-install scripts for Data Warehouse
      9. Summary
    11. 4. Basic Configuration
      1. Creating Management Agents
        1. Active Directory
          1. Least privileged
          2. Directory replication
          3. Password reset
          4. Creating AD MA
        2. HR (SQL Server)
          1. Creating SQL MA
        3. Run profiles
          1. Single or Multi step
      2. Schema management
        1. FIM Sync versus FIM Service schema
        2. Object deletion in MV
        3. Modifying FIM Service schema
      3. FIM Service MA
        1. Creating the FIM Service MA
        2. Creating run profiles
        3. First import
        4. Filtering accounts
      4. Initial load versus scheduled runs
      5. Moving configuration from development to production
        1. Maintenance mode for production
          1. Disabling maintenance mode
        2. Exporting FIM Synchronization Service settings
        3. Exporting FIM Service settings
          1. Exporting the FIM Service schema
          2. Exporting the FIM Service policy
        4. Generating the difference files
          1. Generating the schema difference
          2. Generating the policy difference
        5. Importing to production
          1. Importing custom code
          2. Importing the Service schema difference
          3. Importing the Synchronization Service settings
          4. Importing the FIM Service policy
        6. PowerShell scripts
      6. Summary
    12. 5. User Management
      1. Modifying MPRs for user management
      2. Configuring sets for user management
      3. Inbound synchronization rules
      4. Outbound synchronization rules
        1. Outbound synchronization policy
        2. Outbound system scoping filter
        3. Detected rule entry
      5. Provisioning
        1. Non-declarative provisioning
      6. Managing users in a phone system
      7. Managing users in Active Directory
        1. userAccountControl
        2. Provision users to Active Directory
          1. Synchronization rule
          2. Set
          3. Workflow
          4. MPR
        3. Inbound synchronization from AD
      8. Temporal Sets
      9. Self-service using the FIM portal
        1. Managers can see direct reports
        2. Users can manage their own attributes
      10. Managing Exchange
        1. Exchange 2007
        2. Exchange 2010
        3. Synchronization rule for Exchange
          1. Mailbox users
          2. Mail-enabled users
      11. Summary
    13. 6. Group Management
      1. Group scope and types
        1. Active Directory
        2. FIM
          1. Type
          2. Scope
          3. Member Selection
            1. Manual
            2. Manager-based
            3. Criteria-based
      2. Installing client add-ins
        1. Add-ins and extensions
      3. Modifying MPRs for group management
      4. Creating and managing distribution groups
      5. Importing groups from HR
      6. FIM Service and Metaverse
      7. Managing groups in AD
        1. Security groups
        2. Distribution groups
          1. Synchronization rule
          2. Set
          3. Workflow
          4. MPR
      8. Summary
    14. 7. Self-service Password Reset
      1. Anonymous request
        1. QA versus OTP
      2. Enabling password management in AD
      3. Allowing FIM Service to set passwords
      4. Configuring FIM Service
        1. Security context
        2. Password Reset Users Set
        3. Password Reset AuthN workflow
          1. Configuring the QA gate
          2. The OTP gate
          3. Require re-registration
        4. SSPR MPRs
      5. The user experience
      6. Summary
    15. 8. Using FIM to Manage Office 365 and Other Cloud Identities
      1. Overview of Office 365
        1. DirSync
        2. Federation
        3. PowerShell or Custom MA
        4. Using UAG and FIM to get OTP for Office 365
      2. Summary
    16. 9. Reporting
      1. Verifying the SCSM setup
        1. Synchronizing data from FIM to SCSM
      2. Default reports
      3. The SCSM ETL process
      4. Looking at reports
        1. Allowing users to read reports
      5. Modifying the reports
      6. Summary
    17. 10. FIM Portal Customization
      1. Components of the UI
      2. Portal Configuration
      3. Navigation Bar Resource
      4. Search scopes
        1. Usage Keyword
        2. Search Definition
        3. Results
        4. Creating your own search scope
      5. Filter Permissions
      6. RCDC
      7. Summary
    18. 11. Customizing Data Transformations
      1. Our options
        1. PowerShell
        2. Classic rules extensions
        3. SSIS
        4. Workflow activities
        5. Extensible Connectivity Management Agent
      2. Managing Lync
        1. Provision Lync Users
        2. Managing multivalued attributes
      3. Selective deprovisioning
      4. The case with the strange roles
      5. Summary
    19. 12. Issuing Smart Cards
      1. Our scenario
        1. Assurance level
      2. Extending the schema
      3. The configuration wizard
        1. Create service accounts
        2. Create certificate templates for FIM CM service accounts
          1. FIM CM User Agent certificate template
          2. FIM CM Enrollment Agent certificate template
          3. FIM CM Key Recovery Agent certificate template
          4. Enable the templates
        3. Require SSL on the CM portal
        4. Kerberos again!
        5. Install SQL Client Tools Connectivity
        6. Run the wizard
        7. Backup certificates
        8. Rerunning the wizard
          1. The accounts
          2. The database
      4. Configuring the FIM CM Update Service
      5. Database permissions
      6. Configuring the CA
        1. Installing FIM CM CA files
        2. Configuring Policy Module
      7. Installing the FIM CM client
      8. FIM CM permissions
        1. Service Connection Point
        2. Users and groups
        3. Certificate Template
        4. Profile Template object
        5. Profile Template settings
      9. Allowing managers to issue certificates for consultants
        1. Creating a Profile Template for consultant Smart Cards
        2. Configuring permissions for consultant Smart Cards
        3. John enrolls a Smart Card
      10. RDP using Smart Cards
      11. CM Management Agent
      12. Summary
    20. 13. Troubleshooting
      1. Reminder
      2. Troubleshooting
        1. Kerberos
        2. Connected Data Sources
        3. FIM Sync
        4. FIM Service
          1. Request errors
          2. Sync errors
          3. Reporting
        5. FIM CM
          1. Agent certificates
          2. CA
        6. FIM clients
      3. Backup and restore
        1. FIM Sync
        2. FIM Service and Portal
        3. FIM CM
        4. Source code
      4. Summary
    21. A. Afterword
    22. Index

Product information

  • Title: Microsoft Forefront Identity Manager 2010 R2 Handbook
  • Author(s): Kent Nordstrom
  • Release date: August 2012
  • Publisher(s): Packt Publishing
  • ISBN: 9781849685368