2. EXTENDING FOREFRONT IDENTITY MANAGER Phil Whipps Principal Consultant CGI Australia SESSION CODE: SEC304 (c) 2011 Microsoft. All rights reserved.

3. Agenda ► FIM 2010 Overview ► Portal Customisation ► Custom Applications – Silverlight Contractor Portal Demo ► PowerShell ► Workflows ► Application Integration – Twitter ECMA 2 Demo - @FIMTips ► HealthSMART Case Study (c) 2011 Microsoft. All rights reserved.

4. FIM 2010 Overview Evolution UserMgmt GroupMgmt CredentialManagement Common Platform WorkflowConnectorsLogging Web Service API Synchronization PolicyManagement UserManagement GroupManagement CredentialManagement Common Platform WorkflowConnectorsLogging Web Service API Synchronization PolicyManagement R2

5. FIM Extension Points (c) 2011 Microsoft. All rights reserved.

6. PORTAL CUSTOMISATION FIM Extension Points (c) 2011 Microsoft. All rights reserved.

7. FIM Customisations Portals ► Portal Theme – Corporate Logos & Style ► Portal Config / Search Scopes ► RCDC’s – Create / Edit / View ► Schema – Custom resources & Attributes (c) 2011 Microsoft. All rights reserved.

8. FIM Customisations Portals (c) 2011 Microsoft. All rights reserved.

9. FIM Customisations Portals (c) 2011 Microsoft. All rights reserved.

10. CUSTOM APPLICATION -WS FIM Extension Points (c) 2011 Microsoft. All rights reserved.

11. FIM Customisations Custom - WS ► Web service APIs ► Multiple Endpoints – Create – Resource Factory – Edit / Delete – Resource – Alternate endpoint – Anonymous access – Security Token Service (STS) ► Additional uses – Client based application – Password reset – Web based application (Silverlight Demo) – ADFS attribute store (c) 2011 Microsoft. All rights reserved.

12. Silverlight Integration

13. POWERSHELL FIM Extension Points (c) 2011 Microsoft. All rights reserved.

14. FIM Customisations Powershell ► FIMAutomation snapin – Export-FIMConfig / Import-FIMConfig – ConvertFrom-FIMResource / ConvertTo-FIMResource – Join-FIMConfig – Compare-FIMConfig ► Migration Between Environments ► Bulk import or export ► FIM Scriptbox ► FIM Powershell Commandlets (c) 2011 Microsoft. All rights reserved.

15. DEV Export PROD Export JOIN COMPARE IMPORT Generates the deltas Joins matching objects FIM Customisations Powershell - Migration

16. (c) 2011 Microsoft. All rights reserved. FIM Customisations Powershell

17. CUSTOM WORKFLOWS FIM Extension Points (c) 2011 Microsoft. All rights reserved.

18. FIM Customisations Workflows ► Custom business policy Integration ► Windows Workflow Foundation ► Activity (Service) / Activity Settings Part (Portal) ► Pass values to Workflow Parameters ► Authentication / Authorization / Action (c) 2011 Microsoft. All rights reserved.

19. FIM Customisations Workflows (c) 2011 Microsoft. All rights reserved. Committed to DatabaseRights based MPR

20. FIM Customisations Workflows (c) 2011 Microsoft. All rights reserved. Synchronisation Service – No AuthN / AuthZ

21. Out Of the Box Activities Lockout GateAuthN Used by password registration to lock on to many failed attempts QA GateAuthN Question and Answers for password reset Function EvaluatorAuthZ / Action A handful of functions to used in workflow NotificationAuthZ / Action Email a user – based on an email template Filter ValidationAuthZ List of “Allowed” attributes for Sets & Groups Group ValidationAuthZ Validates attributes on groups – eg must have alias on distribution lists ApprovalAuthZ Send Approval email – based on an email template Password ResetAction Resets the password for the user Synchronization RuleAction Assigns an ERE to a Resource for Outbound Sync (c) 2011 Microsoft. All rights reserved.

22. Customisation - Workflow Activity

24. EXTENSIBLE MANAGEMENT AGENTS FIM Extension Points (c) 2011 Microsoft. All rights reserved.

25. FIM Customisations Extensible Management Agents ► Cookie cutter for application Integration ► Export / Import / Password sync ► Can be packaged and deployed to other Sync Servers ► Enterprise applications ► Cloud based services (c) 2011 Microsoft. All rights reserved.

26. FIM Management Agents AD Domain Services2000, 2003, 2003 R2, 2008, 2008 R2Call-based AD Lightweight Directory Services (ADLDS) Call-based AD Global Address List (GAL)Exchange 2000, 2003, 2007, 2010Call-based Attribute-Value Pair text fileAttribute-value pair text filesFile-based FIM Certificate ManagementFIM 2010 Certificate ManagementCall-based Delimited text fileDelimited text filesFile-based Directory Services Mark-up Language (DSML)Directory Services Markup Language (DSML) 2.0File-based Fixed-Width text fileFixed-width text filesFile-based FIM ServiceForefront Identity Manager 2010Call-based IBM DB2 Universal DatabaseDB2 v9.1 or v9.5Call-based IBM Directory ServerIBM Tivoli Directory Server 6.0 or 6.2Call-based LDAP Data Interchange Format (LDIF) File-based Lotus NotesLotus Notes Release v6.5 or v7.0Call-based Novell eDirectoryNovell eDirectory version 8.7.3 or 8.8.5Call-based Oracle DatabaseOracle Database 10g, 11g (64 Bit)Call-based SAP R/3R/3 Enterprise (4.7) / mySAP 2004 (ECC 5.0)File-based Microsoft SQL ServerSQL Server 2000, 2005, 2008Call-based Sun and Netscape Directory ServersSun Directory Server 5.x and 6.xCall-based

27. FIM Customisations ECMA 2 Features ► Call based Import ► Batched Import & Export ► Schema / Partition discovery ► Customizable parameters & Interface ► Definable capabilities (c) 2011 Microsoft. All rights reserved.

28. FIM Customisations ECMA 2 Features (c) 2011 Microsoft. All rights reserved.

29. FIM Customisations ECMA 2 Features (c) 2011 Microsoft. All rights reserved. ► String (RegEx validation) ► Label (descriptive text) ► String Encrypted ► Text (multi-line) ► Checkbox ► Divider ► Drop down ► File

30. ECMA 2 – Twitter Integration

31. HealthSMART Case study (c) 2011 Microsoft. All rights reserved.

32. NEXT STEPS FIM Extensibility Roadmap http://msdn.microsoft.com/en-us/library/ff182370.aspx Portal Customisation http://technet.microsoft.com/en-us/library/ee534913(WS.10).aspx Web Service http://fim2010client.codeplex.com/ FIM Script Box http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/807617bc-b560-4cbe-a137-b9f338bfbd8e/ FIM Powershell Cmdlets http://fimpscmdlets.codeplex.com/ Custom Workflow http://msdn.microsoft.com/en-us/library/ee652258.aspx XMA 2.0 https://connect.microsoft.com/site433/fimcep FIM TIPs http://www.fimtips.com @FIMTips (c) 2011 Microsoft. All rights reserved.

33. Enrol in Microsoft Virtual Academy Today Why Enroll, other than it being free? The MVA helps improve your IT skill set and advance your career with a free, easy to access training portal that allows you to learn at your own pace, focusing on Microsoft technologies. What Do I get for enrolment? ► Free training to make you become the Cloud-Hero in my Organization ► Help mastering your Training Path and get the recognition ► Connect with other IT Pros and discuss The Cloud Where do I Enrol? www.microsoftvirtualacademy.com Then tell us what you think. TellTheDean@microsoft.com

34. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. (c) 2011 Microsoft. All rights reserved.

35. www.msteched.com/Australia Sessions On-Demand & Community http:// technet.microsoft.com/en-au Resources for IT Professionals http://msdn.microsoft.com/en-au Resources for Developers www.microsoft.com/australia/learning Microsoft Certification & Training Resources Resources (c) 2011 Microsoft. All rights reserved.