I need an integrated web portal with active directory for public services (FIM is my solution?)

  • Question

  • Hi Guys,

    I am deploying a website, and I have decided to use Active Directory for authentication/authorization/accounts (user store) for this website.

    Now I need a web portal that is fully integrated with Active Directory.

    I want my public users to be able to self-register to Active Directory through this web portal, and to use Active Directory for authentication/authorization. Actually, I want this portal to use Active Directory's user store (DB) to add/edit users, or something like a mirror between the user stores (DB) of both Active Directory and the web portal.

    1- Could you tell me, is FIM a good solution for this scenario?
    2- I see the last release of FIM was 2012!? Does this mean Microsoft doesn't want to support it and has stopped the update stream?

    Note: I know I shall use AD LDS for the relation between AD and the portal, and I should not connect the two directly.




    Tuesday, January 24, 2017 10:28 AM

All replies

  • SADEGH,
    Microsoft has not stopped the support. The new version of FIM is called MIM 2016 (Same product with new functionalities).  So FIM\MIM portal can do that definitely.

    Nosh


    Nosh Mernacaj, Identity Management Specialist

    Tuesday, January 24, 2017 2:43 PM
  • The FIM/MIM portal doesn't provide any facility to self-register.

    Tuesday, January 24, 2017 3:48 PM
  • Mark,

    You are correct.  I jumped too fast, thinking of self service capabilities, which are different from making a request to create an account. 

    You cannot login to FIM Portal if you don't have an account in AD and synchronized with FIM Portal.

    Nosh


    Nosh Mernacaj, Identity Management Specialist

    Tuesday, January 24, 2017 4:37 PM
  • Hi Mark and Nosh

    Thank you for your reply,

    Do you have any solution for self-registration in this scenario?

    What do you think about using DotNetNuke (DNN)?

    Tuesday, January 24, 2017 6:00 PM
  • I am not familiar with the DNN, but usually this is handled as follows with FIM\MIM.

    A current user makes the request for a new user and someone (one or many: manager and/or security, or HR) has to approve.  Upon all successful approvals, an account is created in FIM and then synced with AD.  This is for internal users.  I am not familiar with anything that allows users to request an account. I have created custom interfaces in the past for external users.  Internally, unless you have an account you have no way of logging in to the network.


    Nosh Mernacaj, Identity Management Specialist

    Tuesday, January 24, 2017 10:48 PM
  • Hi Nosh again,

    Many thanks for your reply,

    I understood the following from your reply:

    1- I can use FIM/MIM in my scenario, but only for internal users or for public/external users, and not for both
    2- First, users should send a registration request; this request will be saved only to FIM/MIM (not saved to AD)
    3- Someone (e.g. a manager; this means software can't do it) reviews this request and, if it is OK, approves it,
    4- After approval, this account is automatically synced with AD (now this account will be on FIM/MIM with a copy on AD)
    5- From then on, any users who want to edit their information can use the self-services on the FIM/MIM interface (without manager approval for the sync to AD).
    6- With this scenario I have two user databases: 1- On FIM/MIM 2- On Active Directory

    I have some new questions:
    1- If FIM/MIM's user database changes ------> will the AD user database change?
    2- If the AD user database changes ------> will FIM/MIM's user database change?
    3- Does FIM/MIM have a registration form for use by public users? (To send a registration request)

    Best Regards

    Wednesday, January 25, 2017 10:52 AM
  • No, this is not accurate.  In order for a user to make a request for himself, he needs to first exist in AD and FIM (impossible in this case).

    User A cannot make a request to create an account for himself.

    User B (Already has an account in AD and FIM) can make a request to create account for user A (who is a new user) where manager C approves.

    External users are a different story.

    1- If FIM/MIM's user database changes ------> will the AD user database change?

    YES and YES (but under my scenario)

    2- If the AD user database changes ------> will FIM/MIM's user database change?

    Configurable, up to you. Both are possible

    3- Does FIM/MIM have a registration form for use by public users? (To send a registration request)

    NO -


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, January 25, 2017 12:49 PM
  • Nosh

    Thank you again,

    So with this plan, I can't implement my scenario, because I want to use Active Directory as the user store for my website; this means I want to provide public services to public users.

    With this plan (using FIM/MIM), I can't provide any self-services (e.g. self-registration) to public users.

    Is this true?

    I shall find another solution.

    Wednesday, January 25, 2017 3:20 PM
  • Correct.


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, January 25, 2017 3:22 PM