FIM Workflows with PowerShell


1 FIM Workflows with PowerShell
Identity Management | Data Protection | Authentication Strategies
Presented by Craig Martin, October 2013
© 2013 Edgile, Inc. – All Rights Reserved

2 Edgile Introduction
Established in 2001 by Partners and Senior Managers from Deloitte to deliver security solutions to leading companies:
Microsoft security solutions from the boardroom to the network
Addressing the most challenging security issues confronting our customers
Long-term relations driving solutions from strategy to deployment
Edgile exceeds Big-4 in quality and style:
Senior resources with real world experience
Small, focused and capable teams
[Chart: competitors plotted by MS Expertise (low to high) against Professionalism (low to high): Boutiques, VARs, Big 4; labels "Senior technologist" and "Junior Resources, High % of Clients Not Reference-able"]

3 FIM PowerShell Workflows: Table of Contents
1 FimPowerShellWF.codeplex.com
2 Installing the Activity
3 The FIM Request Processor
4 Creating Workflow Scripts
5 Debugging Workflow Scripts

4 FIM PowerShell Workflow Activity
announcing FIM PowerShell Workflow Activity

5 FimPowerShellWF.codeplex.com
I use it in production on some very large deployments

6 Installing the Activity
Add the DLL to the GAC
Update the FIM Service configuration file
Create a FIM Person object for the FIM Service service account
[Optional] Enable Tracing
[Optional] Create a Windows EventLog Source

7 Installing the Activity
###
### Add the FIM snap-in and the super-awesome FIM PowerShell Module
Add-PSSnapin fimautomation
Import-Module .\FimPowerShellModule.psm1

### Install the FIM PowerShell WF Activity
.\Install-FimPowerShellWF.ps1
.\Update-FimServiceConfigFile.ps1
.\Create-FimServiceAccountAsFimPerson.ps1

8 FIM Service Pipeline
Every request to the FIM Service passes through the request pipeline; workflows can be triggered via policy at each step.

New Request -> Permissions -> Validation -> Authentication -> Authorization -> Action (Response)

Permissions: access control policies applied; defined in management policy rules
Authentication: user identity validation; self-service password reset; one-time pass code integration
Authorization: manager approval; data input validation; last chance to reject a request
Action (Response): successful request response workflow; most common extensibility point

9 Why PowerShell Workflow Scripts?
Once you get PowerShell, these are very quick to produce
Easy to develop, test and debug
Good instrumentation

10 Why not PowerShell Workflow Scripts?
Your team already has WF/C# skills
You need the FIM building block activities
The performance penalty of a PowerShell WF is not acceptable

11 What can you do from that script?
Pretty much anything PowerShell will let you do (limited mostly by your imagination)
Integrate with Active Directory
Integrate with O365
Integrate with the FIM Service, for example using the FIM PowerShell Module

12 What can't you do from that script?
Authentication Activities
Collateral FIM Requests
FIM Impersonation
Custom Approvals
Use .NET Framework 4.0 and above *
Use PowerShell V3+ modules *
* workaround is to use WinRM
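The WinRM workaround from the footnote, as an added example that is not from the original deck: the workflow script runs in-process in the FIM Service, which is why .NET 4.0 and PowerShell V3+ modules are out of reach, so it opens a remoting session to another host that has PowerShell 3.0 or later and the module, runs the V3-only cmdlets there, and only gets a plain result object back. The host name, the module name, and the FIM Service account's permission to connect over WinRM are assumptions.

```powershell
### Added example: run PowerShell V3+ module cmdlets from a FIM PowerShell WF
### script by hopping to another host over WinRM. Not part of the original deck.
### Assumptions: 'ps3host.contoso.local' (hypothetical) runs PowerShell 3.0+ with
### the module installed, and the FIM Service account is allowed to connect to it.
$remoteHost = 'ps3host.contoso.local'
$moduleName = 'MSOnline'            ### hypothetical: whichever V3-only module you need
$targetGuid = $fimwf.TargetId.Guid  ### the FIM object the request is acting on

Write-Verbose ("Opening WinRM session to {0}" -F $remoteHost)
$session = New-PSSession -ComputerName $remoteHost -ErrorAction Stop
try {
    $result = Invoke-Command -Session $session -ArgumentList $moduleName, $targetGuid -ScriptBlock {
        param([string]$ModuleName, [Guid]$TargetGuid)

        ### Fail fast if the hop landed on a host that is itself still PowerShell 2.0
        if ($PSVersionTable.PSVersion.Major -lt 3) {
            throw ("{0} runs PowerShell {1}; 3.0 or later is required" -F $env:COMPUTERNAME, $PSVersionTable.PSVersion)
        }
        Import-Module $ModuleName -ErrorAction Stop

        ### Do the V3-only work here and return a plain object; whatever is returned
        ### is serialized back to the FIM Service (PowerShell 2.0) side of the hop.
        New-Object PSObject -Property @{
            Host      = $env:COMPUTERNAME
            PSVersion = $PSVersionTable.PSVersion.ToString()
            Module    = (Get-Module $ModuleName).Version.ToString()
            TargetId  = $TargetGuid
        }
    }
    Write-Verbose ("Remote work done on {0} with PowerShell {1}, module {2}" -F $result.Host, $result.PSVersion, $result.Module)
}
finally {
    ### Always tear the session down: leaked sessions count against the remote
    ### host's WinRM quotas and keep the FIM Service account's logon open there.
    Remove-PSSession -Session $session
}
```

The remote script block runs as the FIM Service account with a non-delegable Kerberos ticket, so anything the module does against a third system (a tenant, another forest) needs credentials supplied explicitly or a delegation setup on the remote host. Keep passwords out of the script itself: it is stored as part of the workflow definition in the FIM Service and is readable by anyone who can view that workflow.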

13 AuthZ WF Sample
throw "Solve My Riddle!"

14 Viewing the Workflow in FIM

15 View a FIM Request that hit AuthZ

16 DEMO AuthZ Workflows

17 Anatomy of a FIM Request
Property                        Description
$fimwf.RequestID                The GUID of the Request object in FIM
$fimwf.TargetID                 The GUID of the FIM object being acted on
$fimwf.ActorID                  The GUID of the FIM object that submitted the Request
$fimwf.WorkflowDefinitionID     The GUID of the Workflow being executed
$fimwf.WorkflowDictionary       The dictionary of items for the current Request phase

18 Reading FIM Request Details
MyPowerShellWorkflow.PS1
### Get the GUID of the Request object in FIM
$fimwf.RequestID

### Get the GUID of the FIM object being acted on
$fimwf.TargetID

### Get the GUID of the FIM object that submitted the Request
$fimwf.ActorID

### Get the GUID of the Workflow being executed
$fimwf.WorkflowDefinitionID

### Get the dictionary of items for the current Request phase
$fimwf.WorkflowDictionary

19 Getting Objects from FIM
MyPowerShellWorkflow.PS1
###
### Load the FIM PowerShell Module
Write-Verbose "Loading the FIM PowerShell Module"
Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1

### Get the Request (the .Guid property of a System.Guid is its string form)
Write-Verbose ("Getting the Request by ObjectID: {0}" -F $fimwf.RequestId.Guid)
$Request = Export-FimConfig -CustomConfig ("/*[ObjectID='{0}']" -F $fimwf.RequestId.Guid) |
    Convert-FimExportToPSObject

20 Getting Request Parameters
MyPowerShellWorkflow.PS1
###
### Load the FIM PowerShell Module
Write-Verbose "Loading the FIM PowerShell Module"
Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1

### Get the Request
Write-Verbose ("Getting the Request by ObjectID: {0}" -F $fimwf.RequestId.Guid)
$Request = Export-FimConfig -CustomConfig ("/*[ObjectID='{0}']" -F $fimwf.RequestId.Guid) |
    Convert-FimExportToPSObject

### Get the Request Parameters (what the request is trying to change)
$Request | Get-FimRequestParameter
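Putting the AuthZ sample (throw "Solve My Riddle!") together with the request-parameter code above, here is an added authorization workflow script that is not from the original deck. It denies a request that touches a small set of sensitive Person attributes unless the actor is one of FIM's built-in identities, and it does so the way the sample does: by throwing, which faults the activity in the Authorization phase, the "last chance to reject". The protected attribute list, the module path and the message text are assumptions; the two built-in object IDs are FIM's well-known values and should be checked against your own FIM Service; the output shape of Get-FimRequestParameter (PropertyName, Value, Operation) is assumed from the FIM PowerShell Module.

```powershell
### Added example: an Authorization (AuthZ) workflow script that rejects a request
### by throwing, as in the "Solve My Riddle!" sample. Not part of the original deck.
### Assumptions: the protected attribute names, the module path, and that
### Get-FimRequestParameter emits objects with PropertyName, Value and Operation.
Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1

### Attributes that nobody but the sync engine or the FIM administrator may change
$protectedAttributes = @('AccountName', 'Domain', 'ObjectSID')

### Well-known FIM built-in object IDs (verify against your own FIM Service)
$trustedActors = @(
    [Guid]'fb89aefa-5ea1-47f1-8890-abe7797d6497'   ### Built-in Synchronization Account
    [Guid]'7fb2b853-24f0-4498-9534-4e10589723c4'   ### Administrator
)

$actorGuid = [Guid]$fimwf.ActorId.Guid
Write-Verbose ("AuthZ check for request {0} submitted by actor {1}" -F $fimwf.RequestId.Guid, $actorGuid)

### A trusted actor is approved without looking at the parameters
if ($trustedActors -contains $actorGuid) {
    Write-Verbose "Actor is a built-in account; approving"
    return
}

### Load the Request object and unpack its RequestParameter entries
$Request = Export-FimConfig -CustomConfig ("/Request[ObjectID='{0}']" -F $fimwf.RequestId.Guid) |
    Convert-FimExportToPSObject

$touched = $Request | Get-FimRequestParameter |
    Where-Object { $protectedAttributes -contains $_.PropertyName }

if ($touched) {
    ### Name exactly what was blocked, then throw: an exception here faults the
    ### AuthZ activity, which is how the deck's sample rejects a request.
    $detail = ($touched | ForEach-Object { "{0} {1}='{2}'" -F $_.Operation, $_.PropertyName, $_.Value }) -join '; '
    throw ("Request {0} denied: actor {1} may not change {2}" -F $fimwf.RequestId.Guid, $actorGuid, $detail)
}

Write-Verbose "No protected attribute touched; approving"
```

If your own action workflows write back to FIM as the FIM Service account, add that account's Person object (the one the install step creates) to $trustedActors, otherwise this policy blocks your own automation as well as users.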

21 Viewing PowerShell Trace Output
DEMO Viewing PowerShell Trace Output

22 Debugging a Workflow Script
MyPowerShellWorkflow.PS1
###
### Load the FIM PowerShell Module
Write-Verbose "Loading the FIM PowerShell Module"
Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1

<#
### Mock objects for testing: leave this block commented when the FIM Service
### runs the script; uncomment it to run the script in the ISE. The activity
### supplies these IDs as System.Guid values, whose .Guid property the script
### reads, so the mocks are Guids too. Replace the placeholder values with real
### ObjectIDs from your FIM Service.
$RequestId            = [Guid]'00000000-0000-0000-0000-000000000000'
$TargetId             = [Guid]'00000000-0000-0000-0000-000000000000'
$ActorId              = [Guid]'00000000-0000-0000-0000-000000000000'
$WorkflowDefinitionId = [Guid]'00000000-0000-0000-0000-000000000000'
$fimwf = New-Object PSObject -Property @{
    RequestId            = $RequestId
    TargetId             = $TargetId
    ActorId              = $ActorId
    WorkflowDefinitionId = $WorkflowDefinitionId
}
#>

23 Debugging a Workflow Script (Sneaking Code Into Comments)
MyPowerShellWorkflow.PS1
The mock-object block in the script above sits inside a <# ... #> block comment, so it is inert when the FIM Service runs the script; to debug outside FIM, uncomment it (or select and run just that block in the ISE) so that $fimwf exists and the rest of the script runs unchanged.

24 Debugging a Workflow Script
DEMO Debugging a Workflow Script
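An added example, not from the original deck, of a workflow-script skeleton that takes the debugging pattern one step further: instead of mocks in a block comment that must be toggled by hand, it builds a mock $fimwf only when none is in scope (that is, when the script is not running inside the activity), and it records failures in the Windows event log source that the optional install step creates before rethrowing, so the activity still fails. The source name 'FimPowerShellWF', the event IDs, the constructed GUIDs and the placeholder work in the try block are assumptions.

```powershell
### Added example: workflow-script skeleton with self-detecting mock objects and
### event log instrumentation. Not part of the original deck. The event source
### name, the event IDs, the constructed GUIDs and the placeholder work are assumptions.
$eventSource = 'FimPowerShellWF'   ### assumed name of the source from the optional install step

### Inside the activity $fimwf is provided; in the ISE it is not. Build a mock only
### in that case, so the same file runs in both places without editing comments.
if (-not (Get-Variable -Name fimwf -ErrorAction SilentlyContinue)) {
    Write-Verbose "No `$fimwf in scope; assuming a debug run and creating a mock"
    $fimwf = New-Object PSObject -Property @{
        RequestId            = [Guid]'11111111-1111-1111-1111-111111111111'   ### constructed value
        TargetId             = [Guid]'22222222-2222-2222-2222-222222222222'   ### constructed value
        ActorId              = [Guid]'33333333-3333-3333-3333-333333333333'   ### constructed value
        WorkflowDefinitionId = [Guid]'44444444-4444-4444-4444-444444444444'   ### constructed value
        WorkflowDictionary   = @{}
    }
}

function Write-WorkflowEvent {
    param([string]$Message, [int]$EventId = 1000, [string]$EntryType = 'Information')
    ### Write-EventLog fails if the source is not registered (and SourceExists can
    ### throw for a non-admin debug user), so fall back to the verbose stream.
    $haveSource = $false
    try { $haveSource = [System.Diagnostics.EventLog]::SourceExists($eventSource) } catch { }
    if ($haveSource) {
        Write-EventLog -LogName Application -Source $eventSource -EventId $EventId -EntryType $EntryType -Message $Message
    }
    else {
        Write-Verbose ("[{0} {1}] {2}" -F $EntryType, $EventId, $Message)
    }
}

try {
    Write-WorkflowEvent ("Start: request {0}, target {1}, actor {2}" -F $fimwf.RequestId.Guid, $fimwf.TargetId.Guid, $fimwf.ActorId.Guid)

    ### --- placeholder for the real work against the target object ---
    $targetGuid = $fimwf.TargetId.Guid
    if (-not $targetGuid) { throw "Target GUID missing from the workflow context" }

    Write-WorkflowEvent ("Finished: request {0}" -F $fimwf.RequestId.Guid)
}
catch {
    ### Record the failure where operators look, then rethrow so the activity
    ### (and with it the FIM request) fails instead of reporting success.
    Write-WorkflowEvent ("Failed: request {0}: {1}" -F $fimwf.RequestId.Guid, $_.Exception.Message) -EventId 1001 -EntryType Error
    throw
}
```

The event source is registered once, as an administrator on the FIM Service host, with New-EventLog -LogName Application -Source 'FimPowerShellWF' (the name is the assumption above); the script itself only writes to it. Swallowing the exception in the catch block would let the FIM request complete as if the work had been done, which is why the rethrow is not optional.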

25 PowerShell WF Activity Roadmap
Implementation of script retry and delay
ETW tracing
Event log integration
Better AuthZ model

