FIM - BHold User attestation for applications storing role information in user attributes

  • Question

  • Hi, I need help in implementing FIM BHold user attestation for the following scenario -

    - FIM 2010 R2 is implemented at the customer site.

    - FIM R2 is integrated with two types of applications -

    • Applications whose roles are managed by AD Security groups, and
    • Applications that do not manage their roles using AD Security groups, but store role attributes in the user’s profile of the application.

    - The requirement of the customer is to implement MS BHold user attestation for the FIM-integrated applications.

    - For attesting the applications, BHold stores users and groups for each application in its own database. Groups store references to members of the group. BHold groups (or permissions) can be mapped to roles or permissions of applications.

    - However, some applications simply store role information in some attribute(s) of the user object. These applications do not have any separate role objects referencing users who carry that role. Hence we do not have any role object of the application which can be mapped to BHold groups. So, for such applications, how will BHold identify the roles which users have at the application, as mapping application group and BHold group is not possible?


    Mayank Vaish

    Tuesday, June 18, 2013 10:52 AM