PKI Blog

Best Practices: Optimizing FIM Performance

Posted by CSS Technical Team on Feb 25, 2015 9:58:00 AM

The goal of this article is to provide a checklist for validating Microsoft's Forefront Identity Manager's (FIM) configuration for optimal performance. As there are many different technologies involved in a FIM deployment, I thought it would be helpful to compile a list of articles that would be useful for planning or troubleshooting performance related issues.

This post provides a significant number of things to consider in planning and/or performance optimization of a FIM solution. As with any guidance of this nature, the guidance provided in this article may not apply to all situations and should be earnestly evaluated for applicability against the current design. This document is not specifically arranged in any order or priority, but is intended to form a comprehensive listing of items that may be decreasing performance.

Read More

Topics: Identity Federation, FIM, Identity and Access Management, Forefront Identity Manager (FIM), Identity Management, Microsoft Identity Manager, digital identity, MIM

Batch Attribute Updates for Users in Forefront Identity Manager (FIM)

Posted by CSS Technical Team on Jun 25, 2014 11:56:00 AM

A client recently requested the ability to use data in an externally-generated file to perform batch attribute updates for Users in the FIM Service. What made this more complicated than expected was that some of the user attributes, for example Manager, were FIM references.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Forefront Identity Manager (FIM), FIM web service, Identity Management, Microsoft Forefront Identity Manager, Blog, FIM automation, PowerShell

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

FIM Self Service Password Reset: Account Enablement

Posted by Sami Van Vliet on Jun 19, 2013 5:52:51 AM

I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, Microsoft Active Directory, Password reset, Forefront Identity Manager (FIM), Identity Management, Microsoft AD, FIM Password reset, Blog, Self-Service Password Reset, Active Directory, AD

Microsoft Forefront Identity Manager Certificate Management 2010 and Thales nConnect HSM

Posted by CSS Technical Team on Feb 8, 2013 3:49:00 AM

Ever wonder why documents always say use module protect when using FIM CM and Thales HSM together? Why use the HSM in a less secure mode when it is designed to be a K of N device?

Read More

Topics: IT Security, Microsoft Security Partner, Thales, hardware security modules, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Information Security, Blog, FIM CM, HSM

Reference Attributes, Group Membership and Shifting Authoritative Sources

Posted by Sami Van Vliet on May 14, 2012 4:43:32 AM

A recent requirement for a project was to have users and groups provisioned from Domain B to Domain A. Simple enough, but a catch was that, as applications were migrated to Domain A, their groups would be “owned” by Domain A, which would now be the authoritative source for all group attributes (in this case, the authoritative source is determined by the OU the group is in in Domain B. The name of this OU is stored in the rules extension configuration file).

A custom rules extension is used to determine which management agent is authoritative, and to be sure the user objects being added to the member attribute are from the appropriate domain.

Read More

Topics: IT Security, Microsoft Security Partner, FIM, Reference Attributes, Group Membership, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog

FIM Multivalued Attribute Tables

Posted by Sami Van Vliet on Jan 24, 2012 4:00:49 AM

I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multi-valued attribute—in a common scenario, this would be the member attributes of a group object.

Although there are good write ups on how to do this for those familiar with FIM, step by step instructions seemed helpful for those just learning.

Read More

Topics: FIM Multivalued attribute table, Multivalued attribute table, IT Security, Microsoft Security Partner, FIM, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, FIM MVA, Microsoft FIM, Blog

FIM Set and Group Attribute Criteria

Posted by Laurin Kline on Jun 6, 2011 11:30:05 AM

As with many quests, the one I embarked on to figure out how to create criteria based sets and groups where membership was based on an attribute in the FIM portal being “empty” turned out to be more complex than first thought.

We start our story with a mythical client and a problem. The client was not certain that “Office Location” was populated with either an office or store location for every user in the FIM Portal. They wanted to create a criteria-based set that identified all of the users where the provisioning process had not specified an office location. The use for this set will be left to your imagination.

Read More

Topics: Criteria Based Groups, Microsoft Security Partner, 2010 Criteria Based Sets, Sets in FIM, FIM Set Criteria Detecting Empty Attributes, FIM Sets, Forefront Identity Manager (FIM), FIM Group Criteria Detecting Empty Attributes, FIM Groups, Identity Management, Blog, Groups in FIM

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?