1 / 11

Comprehensive Guide to Microsoft Forefront Identity Manager (FIM) Implementation

Explore the intricacies of FIM, its role in managing identities, differences from ILM, benefits to administrators and users, integration with Office 365, and timelines for implementation.

griffith-myers
Télécharger la présentation

Comprehensive Guide to Microsoft Forefront Identity Manager (FIM) Implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s FIM all about?

  2. Agenda • What is FIM • Why are we implementing FIM • How is FIM related to Office 365 • What will FIM do • How does FIM differ from ILM (current solution) • What does FIM mean to administrators • What does FIM mean to users • When will FIM be implemented

  3. What is FIM? • Microsoft Forefront Identity Manager • Identity Management • Applies business rules to provision and de-provision BLUE Accounts • Recognizes HRMS, Banner, and Guest table as authoritative source systems • Manages accounts for alumni and retirees • Manages email address lifecycle • Better manage guest accounts with and without email

  4. Why are we implementing FIM • Product upgrade to ILM • Has been running at CU for over 3 years • Office 365 required changes to accounts to AD • Fixes logic in ILM that never worked • Better manages to deletion of abandoned accounts • Adds functionality that was not included in ILM • Centralizes logic in FIM • Simplifies complex licensing requirements from Microsoft • Enable to University to offer email to alumni and retirees

  5. How is FIM related to Office 365 • Office 365 requires accounts to be configured in a specific way • FIM writes and manages attributes in AD required for Office 365 • FIM and Office 365 can exist without each other • FIM streamlines management of AD accounts, Microsoft licensing, and mailbox management • Students have migrated to Office 365 without FIM, but we did have to make manual adjustments to accounts to make this work. • These manual adjustments could not be managed long-term • FIM makes it easier to manage accounts in the manner required by Office 365

  6. What will FIM do? • Primarily FIM creates, manages, disables and deletes AD accounts in accordance with business rules. • Creates hidden accounts for accepted students • Unhide accounts when student enrolls • Maintains student account based on Banner data • Manages guest accounts based on start and end date • Manages employee accounts based on HRMS data • Manages all changes to students, employees, and guests • Maintains specific attributes required by Office 365

  7. How does FIM differ from ILM • ILM is fed by three ‘feeds’ so it does not know if a person is both a student and employee • FIM is fed by a single ‘feed’ with with data about students, staff, and guests • ILMs Logic is contained in ILM and in the ‘feeds’ it gets from HR, Banner, and Guests • FIMs logic is contained within FIM • FIM will do the same things that ILM does, just better

  8. What does FIM mean to administrators? • ILM created new users in MigratedUsers OU and adminstrators could move the account to their own OUs • Resulting in user objects spread inconsistently across the AD • FIM will move and create all users in the UserObjects OU • Microsoft best practice for AD management • Group Policies Objects applied to user accounts must be updated • GPOs applied to computer objects will not be affected • All other AD permissions and clean up have nothing to do with FIM

  9. What does FIM mean to users? • FIM will handle changes to user much better than ILM • Ex. When someone changes their name with HR the name change will be processed by FIM and a new email address will automatically be created • Manages the AD account throughout all stages in the lifecycle of a user • FIM allows alumni and retirees to keep their AD accounts • FIM allows for email addresses to be tied to an individual just like NetID • If a former student comes back to CU years later as a faculty member they will get their same email address

  10. When will FIM be implemented? • Soon • We are in the final stages of testing • Project started last Fall • We had hoped to get FIM turned on in time for graduation • Admissions offices and Alumni offices create unique challenges on the activation of FIM • Once FIM is live all new account will be created with mailboxes in the ‘cloud’

  11. Q&A • Any questions?

More Related