Using ADFS to authenticate on a MIM user portal

  • Question

  • Hi,

    MIM is implemented and working. PAM is set up and used. Now the MIM user portal is used to activate roles within MIM. So far everything is working.

    The users that should be accessing the MIM user portal are not in a trusted forest. The goal is to set up ADFS to grant access to the MIM user portal for the users in the non-trusted forest. It might be feasible, as the MIM portal is based on SharePoint, which supports claims-based authentication? The forest containing the users is to be configured as the Account partner organization. The forest containing the MIM implementation is to be configured as the Resource partner organization.

    Is this a solution that could work?

    Thanks in advance
    T.


    • Edited by Trumpeteer Monday, January 8, 2018 3:17 PM
    Monday, January 8, 2018 2:53 PM

All replies

  • Is this a solution that could work?

    No, not possible I'm afraid. But this has been fed back to the PG.

    Regards,

    Tom Houston, UK Identity Management Practice

    • Proposed as answer by Guy Horn Tuesday, January 9, 2018 1:54 PM
    Monday, January 8, 2018 8:15 PM

  • Hi,
    I'm afraid there is some confusion here. Since I'm also interested in this function I'll try to clear things up.

    The requester asked for a way to use ADFS to activate PAM roles through the "MIM User Portal". He/she actually meant using the "Privileged Access Management REST API" based portal. He refers to the SharePoint-based "MIM Portal" as well, which is the 'MIM Administration Portal'. There are two very different MIM portals in this story.


    I suggest rephrasing the question as: Provide 'Privileged Access Management REST API' and 'MIM Portal' to authenticate by SAML or any other federation standard.

    Greetings,
    Guy

    PS: Here is a ref to my Q.: https://social.technet.microsoft.com/Forums/en-US/0ddbf764-b3ab-42d4-8045-595d397a8cca/using-adfs-to-authenticate-on-a-privileged-access-management-rest-api-based-portal?forum=ilm2

    GH

    • Edited by Guy Horn Tuesday, January 9, 2018 1:55 PM
    Tuesday, January 9, 2018 1:41 PM
  • Not possible at all. SharePoint used for MIM is set up not to use CLAIMS BASED Authentication. This is one of the steps required to make it work for MIM.

    Nosh Mernacaj, Identity Management Specialist

    Tuesday, January 9, 2018 2:19 PM
  • Well, it's possible to use ADFS WAP Kerberos reverse proxy authentication to authenticate to the MIM Portal. But don't confuse the MIM Portal with the PAM Portal, which I suspect is what the question is really about (it's how I ended up here after all). The PAM Portal is using the PAM REST API which does support ADFS authentication:
    https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-service-details

    Andreas Hultgren, MCTS, MCITP
    http://ahultgren.blogspot.com/

    Wednesday, January 24, 2018 11:43 AM