Thanks to all who came along to my session at Microsoft Ignite today. Here are the resources I presented at today’s session WIN332 – From Fortran to FIM: Dragging your identity management system out of the dark ages.
Resources for Engineers and Admins
ACMA is a fast, efficient, codeless way of implementing business rules that can create and transform information within your FIM/MIM implementation. ACMA comes with a UI editor for your rules file, a PowerShell module for modifying ACMA objects directly, and a unit testing engine that allows you to test all the rules you have created. Check out the video link below for a more detailed demonstration of the capabilities of ACMA.
UMARE is a codeless rules extension for FIM/MIM. It can be used on any MA to perform transform operations on incoming and outgoing identity data. Over 40 transforms are available out of the box, covering very common scenarios we all need to support, like converting an ‘accountDisabled’ attribute to a bitmask on the AD userAccountControl attribute, and converting the FIM Service group type strings into the right groupType value in AD. If there is a transform that’s missing, let me know and I can add it in.
Forget DREs, EREs and sync rules. Get a hold of Soren’s Metaverse Rules Extension. It’s a very powerful and flexible component that can reduce the complexity of your provisioning time. Create a provisionToAD attribute in ACMA, flow it out to the metaverse, and add a provisioning rule to the MRE to provision when that flag is true. Keep the complexity in ACMA, and let MRE handle the ‘acting’.
If you don’t have Git or TFS in your organization, you can get a Visual Studio Online account from Microsoft that is free for up to 5 users. A version control system is a must-have for tracking your documents, scripts and code versions for your various components.
Lithnet FIM Service PowerShell Module (LithnetRMA)
The FIMAutomation module can do a lot, but I find it is just overly complicated when we want to simply add, update, create and delete objects in the FIM service. It’s also very, very slow. The Lithnet PowerShell module abstracts the complexity of the FIM service, and exposes a more natural and much faster set of cmdlets for working with the FIM service. It also comes with cmdlets to help you build XPath queries correctly, as well as the Import-RMConfig cmdlet for importing your configuration from files, as demonstrated in today’s session. People using this module have reported their scripts improving from hours to minutes. It’s also many orders of magnitude less PowerShell code to write and maintain.
Resources for Developers
Lithnet FIM Service Client (LithnetRMC)
If you have had to write .NET code to talk to the FIM service endpoints, you know how daunting this can be. The fim2010client on CodePlex took us partially there by setting up the scaffolding for us, but still left us having to deal with the internals of the FIM service. The Lithnet FIM Service client is a NuGet package you can install in your project, and start using simple get, update and save operations. It’s fast, supports multi-threading out of the box, and has complete MSDN-style documentation with examples on how to use it. The LithnetRMA PowerShell module and the REST API are both lightweight wrappers for the functionality contained in this module.
Lithnet FIM Service REST API (LithnetRMWS)
Ever tried talking to the FIM service endpoints from a non-Windows device such as Linux? I don't recommend trying. The Lithnet FIM Service REST API exposes the FIM service using very simple JSON and standard REST API calls.
Want to see ACMA in action? Check out my presentation to the FIM team user group. You’ll get to see how you can easily create business rules, unit tests, and see some more advanced topics like creating admin accounts with the shadow object feature, and inheritance of values between referenced objects.
The Lithnet FIM Service toolkit contains the .NET client, PowerShell module, and REST API. You can see how these all work in this presentation to the FIM team user group.
FIM Team User Group
I highly recommend that you join the FIM Team User Group. The group meets monthly and experts from around the world present on various topics relating to FIM/MIM. It’s a great way to make connections, and learn how other people are solving challenges in the identity management space.