New Year New Country

Just in case anyone stumbles across this, I’ve moved back to the UK from the US and returned to my old job for OCG UK. Much as we loved living in the Pacific Northwest, we missed our families & friends (and good beer, cider, rugby & cricket) too much.

Apart from the physical change of location everything else will remain much the same. I’ll be designing and deploying Microsoft IAM solutions for OCG’s customers and failing to update this blog on a regular or meaningful basis, as ever.

Posted in: Uncategorized by Dave No Comments

FIM 2010 & BHOLD – Better Together (plus OCG)

Wow, three months with no post. Ah me, ’twas ever thus.

Anyway, exciting news in the Microsoft IAM world. As posted on the OCG blog:

“Microsoft announced that they have acquired certain assets of BHOLD. Here at OCG we are doubly excited about this news: we’re excited for our partners at BHOLD naturally but we’re even more excited for our customers about the extra functionality and benefits that BHOLD adds onto the FIM platform.

BHOLD adds significant additional functionality and value to FIM with role management and Governance, Risk and Compliance (GRC) features such as access governance and attestation. A typical FIM and BHOLD deployment has BHOLD as the central repository of role and authorization data and FIM as the synchronization and fulfillment engine. Role data is loaded into BHOLD from connected systems such as an HR database and AD (and other applications) and through BHOLD’s role mining capabilities, a role model is developed in very short time, rather than the years and months traditional manual role modeling efforts can take. Then, using management agents developed jointly by OCG and BHOLD, BHOLD informs FIM which roles (expressed often as groups) to add or remove users to, based on the role model and other data (such as separation of duties rules). Users and managers can access their role data for self-service requests, reporting or attestation through the BHOLD user interface which fits seamlessly into the FIM portal, thereby giving users a single interface for all aspects of identity management.

Not to blow our own trumpet too loudly, but we at OCG saw how BHOLD closed a gap in the FIM offering nearly two years ago when we first announced our BHOLD partnership. Since then we have successfully deployed BHOLD and FIM together at two major customers in the US. Both customers have similar solutions with users entering the FIM metaverse from an HR MA, being exported to the BHOLD database to pick up their role data, and then being passed back to FIM for provisioning or fulfillment of the BHOLD rules. We will be posting more information on how FIM and BHOLD work together in the coming weeks and months, so stay tuned. Please reach out directly to info@oxfordcomputergroup.com if you are planning or considering deploying BHOLD and FIM.”

Posted in: FIM by Dave No Comments

FIM R2 TechEd Recording

I’ve just been watching this presentation by Brjann Brekkan and Mark Wahl. For experienced FIM people curious as to some of the details of FIM R2 – especially the new Extranet Self-Service Password Reset, the Reporting and integration with System Center Datawarehouse, and the new EZMA – it’s invaluable viewing. I’m really excited by the reporting, especially as I’m sure I heard someone say you will not need to purchase a System Center Datawarehouse license to use the reporting integration with FIM (at about 56:30).

Technical Overview of Microsoft Forefront Identity Manager 2010 R2

Posted in: Uncategorized by Dave No Comments

OpenID

I added OpenID support to the site for comments (in the vain hope I may get one or two). If someone does happen to read this and also happens to have an OpenID, would you please be so kind as to drop in a comment to let me know it works?

Thanks and apologies for the bleg

Posted in: Uncategorized by Dave 2 Comments

FIM MA Ignores Case Change

I’ve seen this reported on the OCG internal technical mail list a couple of times, but only just got caught by it today, so I thought I would share.

The FIM MA seems to ignore a case change (or at least a case change from Proper Case to UPPERCASE) on a simple string attribute. I had all my “city” attributes in Proper Case (e.g. Las Vegas), then changed the HR import sync rule to just flow the raw UPPERCASE value (LAS VEGAS). I could see the changes being applied in request objects in the Portal, but no change actually happened on the user object and I had 4,000 “Exported Change Not Reimported” errors on the next import from FIM.

An easy (if not exactly quick) change to this is to temporarily make an actual change to all the affected attributes (e.g. append something to the string or flow a constant) then change it back again. Easy, but not quick as you have to run an import/sync from the Portal to flow in the new flow rule, sync the HR MA to make the change apply, then export back out to FIM.

I’m sure all you cool FIM dudes out there have hit this a million times and have some whizzy PowerShell script to fix it. If so, please chuck it my way as I’m going to take the easy option tonight and not script the fix. If I have a change of heart and do get around to scripting it, I’ll be sure to share.

Update – apparently this was fixed in version 4.0.3573.2 http://support.microsoft.com/kb/2417774

Update to Update – I applied the hotfix and it now does work, which is nice

Posted in: FIM by Dave No Comments

FIM R2 Community Preview

First post on the new site. Forgive me while I tinker with the layout, in return I promise to try to blog more often. Note, however, that this is not the same thing as actually posting more often.

Anyway, the long-awaited and eagerly-anticipated FIM R2 is finally on its way. I wasn’t at Tech-Ed but apparently it was announced there, although I can’t find an official MS release note anywhere.

Brjann Brekkan has the details of the R2 Community Evaluation Program announced on his blog and the details are on Kent Nordström’s blog (via Jackson Shaw). Like most people, I’m really looking forward to the web-based, non-domain-joined, non-Active-X, Self-Service Password Reset portal.

Posted in: FIM by Dave No Comments