Comprehensive Overview of Forefront Identity Manager (FIM)
Forefront Identity Manager (FIM) is a Microsoft solution that applies business rules to manage Active Directory accounts effectively. It streamlines account provisioning, de-provisioning, and attribute management for various user categories like students, employees, alumni, and retirees. FIM centralizes logic, simplifies licensing requirements, and ensures compliance with Office 365 standards, enhancing account management efficiency and security.
Uploaded on Oct 01, 2024
Presentation Transcript
Agenda
- What is FIM
- Why are we implementing FIM
- How is FIM related to Office 365
- What will FIM do
- How does FIM differ from ILM (current solution)
- What does FIM mean to administrators
- What does FIM mean to users
- When will FIM be implemented
What is FIM?
- Microsoft Forefront Identity Manager
- Identity Management
- Applies business rules to provision and de-provision BLUE Accounts
- Recognizes HRMS, Banner, and Guest table as authoritative source systems
- Manages accounts for alumni and retirees
- Manages email address lifecycle
- Better manages guest accounts with and without email
Why are we implementing FIM
- Product upgrade to ILM
- Has been running at CU for over 3 years
- Office 365 required changes to accounts in AD
- Fixes logic in ILM that never worked
- Better manages the deletion of abandoned accounts
- Adds functionality that was not included in ILM
- Centralizes logic in FIM
- Simplifies complex licensing requirements from Microsoft
- Enables the University to offer email to alumni and retirees
How is FIM related to Office 365
- Office 365 requires accounts to be configured in a specific way
- FIM writes and manages attributes in AD required for Office 365
- FIM and Office 365 can exist without each other
- FIM streamlines management of AD accounts, Microsoft licensing, and mailbox management
- Students have migrated to Office 365 without FIM, but we did have to make manual adjustments to accounts to make this work. These manual adjustments could not be managed long-term
- FIM makes it easier to manage accounts in the manner required by Office 365
What will FIM do?
- Primarily FIM creates, manages, disables and deletes AD accounts in accordance with business rules.
- Creates hidden accounts for accepted students
- Unhides accounts when a student enrolls
- Maintains student accounts based on Banner data
- Manages guest accounts based on start and end date
- Manages employee accounts based on HRMS data
- Manages all changes to students, employees, and guests
- Maintains specific attributes required by Office 365
How does FIM differ from ILM
- ILM is fed by three feeds so it does not know if a person is both a student and employee
- FIM is fed by a single feed with data about students, staff, and guests
- ILM's logic is contained in ILM and in the feeds it gets from HR, Banner, and Guests
- FIM's logic is contained within FIM
- FIM will do the same things that ILM does, just better
What does FIM mean to administrators?
- ILM created new users in MigratedUsers OU and administrators could move the account to their own OUs
- Resulting in user objects spread inconsistently across the AD
- FIM will move and create all users in the UserObjects OU
- Microsoft best practice for AD management
- Group Policy Objects applied to user accounts must be updated
- GPOs applied to computer objects will not be affected
- All other AD permissions and clean up have nothing to do with FIM
What does FIM mean to users?
- FIM will handle changes to users much better than ILM
- Ex. When someone changes their name with HR, the name change will be processed by FIM and a new email address will automatically be created
- Manages the AD account throughout all stages in the lifecycle of a user
- FIM allows alumni and retirees to keep their AD accounts
- FIM allows for email addresses to be tied to an individual just like NetID
- If a former student comes back to CU years later as a faculty member they will get their same email address
When will FIM be implemented?
- Soon
- We are in the final stages of testing
- Project started last Fall
- We had hoped to get FIM turned on in time for graduation
- Admissions offices and Alumni offices create unique challenges on the activation of FIM
- Once FIM is live all new accounts will be created with mailboxes in the cloud
Q&A
- Any questions?