none
Appliction password Sync in Multidomain

    Question

  • Hi FIM Team

    I have a Single Forest Muliple Domain in Different countries. every country has there applicatioins athenticate with there own domain.

    can i access application in orther domain using FIM.

    Example

    Assume i have 3 domains africa.com , Asia.com , europe.com

    every country has there own aplications athenticates with there own domains.

    can africa.com users access applications in europe.com domain using FIM and can we use SSO ?

    thanks

    Asela Aluthge


    Asela Aluthge

    Saturday, January 12, 2013 5:53 AM

Answers

  • Couldn't you just use trusts between the domains in order to achieve SSO in your environment?

    Depending on how your environment is built it might already be configured for you.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    • Marked as answer by Asela Aluthge Saturday, January 12, 2013 5:56 PM
    Saturday, January 12, 2013 4:11 PM
  • On Sat, 12 Jan 2013 05:53:14 +0000, Asela Aluthge wrote:

    Assume i have 3 domains africa.com , Asia.com , europe.com

    every country has there own aplications athenticates with there own domains.

    can africa.com users access applications in europe.com domain using FIM and can we use SSO ?

    FIM has nothing at all to do with authentication, so no, it can't.

    You may be able to do something with Active Directory Federation Services.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    To err is human; to really foul things up requires a computer.

    • Marked as answer by Asela Aluthge Saturday, January 12, 2013 5:57 PM
    Saturday, January 12, 2013 6:26 AM

All replies

  • On Sat, 12 Jan 2013 05:53:14 +0000, Asela Aluthge wrote:

    Assume i have 3 domains africa.com , Asia.com , europe.com

    every country has there own aplications athenticates with there own domains.

    can africa.com users access applications in europe.com domain using FIM and can we use SSO ?

    FIM has nothing at all to do with authentication, so no, it can't.

    You may be able to do something with Active Directory Federation Services.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    To err is human; to really foul things up requires a computer.

    • Marked as answer by Asela Aluthge Saturday, January 12, 2013 5:57 PM
    Saturday, January 12, 2013 6:26 AM
  • Couldn't you just use trusts between the domains in order to achieve SSO in your environment?

    Depending on how your environment is built it might already be configured for you.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    • Marked as answer by Asela Aluthge Saturday, January 12, 2013 5:56 PM
    Saturday, January 12, 2013 4:11 PM
  • None of the FIM components provide SSO features, therefore FIM is not an SSO solution.
     
    FIM can provision objects in multiple connected datasources (e.g. AD) with the same name and password, but I would not consider that SSO
     
    By just looking at Windows you can achieve SSO in your environemt by setting up external or forest trusts
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "Asela Aluthge" wrote in message news:3d5f6ade-545c-47a3-8cca-66bd4f0b9da9@communitybridge.codeplex.com...

    Hi FIM Team

    I have a Single Forest Muliple Domain in Different countries. every country has there applicatioins athenticate with there own domain.

    can i access application in orther domain using FIM.

    Example

    Assume i have 3 domains africa.com , Asia.com , europe.com

    every country has there own aplications athenticates with there own domains.

    can africa.com users access applications in europe.com domain using FIM and can we use SSO ?

    thanks

    Asela Aluthge


    Asela Aluthge


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Saturday, January 12, 2013 9:36 PM
  • I just misread it....
     
    >>>>By just looking at Windows you can achieve SSO in your environemt by setting up external or forest trusts
     
    no need to do this. If you have a single AD forest that contains multiple AD domains you already have transitive trusts between the AD domain and with that you have SSO based upon windows authentication (NTLM or Kerberos)
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "Jorge de Almeida Pinto [MVP-DS]" <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message news:d91ad72b-5371-4f51-b048-2298cb40ad0c@communitybridge.codeplex.com...
    None of the FIM components provide SSO features, therefore FIM is not an SSO solution.
     
    FIM can provision objects in multiple connected datasources (e.g. AD) with the same name and password, but I would not consider that SSO
     
    By just looking at Windows you can achieve SSO in your environemt by setting up external or forest trusts
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "Asela Aluthge" wrote in message news:3d5f6ade-545c-47a3-8cca-66bd4f0b9da9@communitybridge.codeplex.com...

    Hi FIM Team

    I have a Single Forest Muliple Domain in Different countries. every country has there applicatioins athenticate with there own domain.

    can i access application in orther domain using FIM.

    Example

    Assume i have 3 domains africa.com , Asia.com , europe.com

    every country has there own aplications athenticates with there own domains.

    can africa.com users access applications in europe.com domain using FIM and can we use SSO ?

    thanks

    Asela Aluthge


    Asela Aluthge


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/

    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Saturday, January 12, 2013 9:48 PM