A user synced from external AD is unable to access FIM Portal (present in different domain and different forest).

  • Question

  • Hi,

    In our environment, we have two ADs (Domain A and Domain B) in two different forests. The FIM is located in Domain A. Now, I am trying to sync a user from AD domain B to FIM. It got synced and created at FIM (Domain A). But the domain attribute in FIM is not populating with the external Domain, i.e. Domain B, and the user is also unable to access the FIM Portal.

    Could you please help me out? Please let me know if any configurations have to be done in FIM portal for an external user to access the FIM portal.



    Tuesday, March 3, 2015 8:56 AM

All replies

  • If you use separate management agents for separate domains, the best option would be to import the "Domain" attribute as a constant flow - in domain A it would be DomainA, for domain B - DomainB.

    Then you can simply export this as a domain attribute to FIM Portal and it should work.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, March 3, 2015 9:31 AM
  • Hi,

    Thanks for replying....

    But, in FIM portal, the Domain attribute is not populated with "Domain B" initially. I have created domain configuration for "Domain B" and then I am able to see that in "Domain" attribute.

    The acctname, ObjectSID, domain are populated at FIM. And the required below MPRs are also enabled.

    • “General: Users can read non-administrative configuration resources”
    • “User management: Users can read attributes of their own”

    When I try to access FIM Portal, I am getting an error "Logon Failure: user has not been granted the requested logon type at this computer"

    Please help me out...

    Tuesday, March 3, 2015 2:57 PM