none
Security Group Lifecycle Management

    Question

  • I am looking to implement group managment via FIM within our organization.  Along with this I would however like to add some lifecycle managment onto to these groups.  Other than an setting an expiration date on the groups what other options are out there?  I would obviously like to have this automated as possible.  Major concerns are scenarios where a group owner gets terminated can this trigger a change in ownership of the group etc...

    Tuesday, August 27, 2013 8:18 PM

Answers

  • Well - this is completely feasible but will require you or someone in your name to perform some work as scenario as you've described is not included out of the box. you nee to put custom workflow in place probably with some activities (even if it will be only PShell activity and scripts). Actually I've just finished implementation of such scenario for customer, so it is doable.

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Tuesday, August 27, 2013 10:28 PM

All replies

  • Well - this is completely feasible but will require you or someone in your name to perform some work as scenario as you've described is not included out of the box. you nee to put custom workflow in place probably with some activities (even if it will be only PShell activity and scripts). Actually I've just finished implementation of such scenario for customer, so it is doable.

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Tuesday, August 27, 2013 10:28 PM
  • To validate Tomasz's reply, I've done the same (and more) and even did the workflows in PowerShell.  So yup, totally possible.

    CraigMartin – Edgile, Inc. – http://identitytrench.com

    Friday, August 30, 2013 11:45 PM