none
FIM 2010R2 Portal question RRS feed

  • Question

  • Hi all,

    is all the entries in the metaverse are necessarily present in Fim portal or we can filter eg: only active person ?

    Thanks in advance

     

    Wednesday, December 19, 2012 5:04 PM

Answers

  • There does not appear to be a supported way for the portal to be a filtered subset of your person identities in the sync engine's metaverse.  Microsoft intends for it to be a "mirror" of the metaverse.

    It is technically possible to write custom metaverse provisioning code that deprovisions some identities from the FIM MA based on your own logic, which would keep them from exporting.  However, if they later became "eligible" for the FIM MA/portal based on  your logic, and your code did not deprovision them, the connector would be added automatically but not all the attributes would export to the portal until a full sync touched the object.  This approach is likely unsupported, and may not save you from the need to purchase a CAL for the identity thus excluded.  You also may have errors on export depending on the attributes left out on the initial export of that object.

    You can determine which metaverse object types to map to the FIM portal object types, and those types not mapped would not go to the portal.  However, it's impossible to change a metaverse object's type without completely deprovisioning it and then re-projecting it back into the metaverse as a new object type.  That's painful enough I've never done it, and I believe is generally considered a poor design.

    Chris

    • Marked as answer by ADelon Wednesday, December 19, 2012 10:43 PM
    Wednesday, December 19, 2012 8:18 PM

All replies

  • There does not appear to be a supported way for the portal to be a filtered subset of your person identities in the sync engine's metaverse.  Microsoft intends for it to be a "mirror" of the metaverse.

    It is technically possible to write custom metaverse provisioning code that deprovisions some identities from the FIM MA based on your own logic, which would keep them from exporting.  However, if they later became "eligible" for the FIM MA/portal based on  your logic, and your code did not deprovision them, the connector would be added automatically but not all the attributes would export to the portal until a full sync touched the object.  This approach is likely unsupported, and may not save you from the need to purchase a CAL for the identity thus excluded.  You also may have errors on export depending on the attributes left out on the initial export of that object.

    You can determine which metaverse object types to map to the FIM portal object types, and those types not mapped would not go to the portal.  However, it's impossible to change a metaverse object's type without completely deprovisioning it and then re-projecting it back into the metaverse as a new object type.  That's painful enough I've never done it, and I believe is generally considered a poor design.

    Chris

    • Marked as answer by ADelon Wednesday, December 19, 2012 10:43 PM
    Wednesday, December 19, 2012 8:18 PM
  • Thank you Chris for this very clear answer.
    Wednesday, December 19, 2012 10:42 PM