How to handle multiple accounts in one system RRS feed

  • Question

  • I need to find some information regarding how you can handle a scenario where a single user has multiple accounts in one system. The problem is described but not answered in the posting New MV and FIM DB Object Type - Account

    I've seen the discussion pop up now and then, but never (in my mind) satisfactory answered.

    I need to be able to provision and join any number of accounts to a single Person entity in FIM. The binding can be indirect through an intermidiary entity as discussed in the above post or direct if possible.

    FIM still needs to be able to separate the accounts managed group memberships in one system while maintaining the ability to request and be given memberships for the individual accounts. There would also be other concerns to adress such as provisioning policys, attestation, authorization and such that would need to be adressed.

    AD MA may be handled as a special case where you join the accounts needed to bind the authentication to FIM in one MA (thus filtering the accounts to a 1-1 ratio) and handle the provisioning and policy in another AD MA (if needed). All other MA need to be able to handle a 1-n ratio to the FIM Person entity as described.

    While a discussion on the topic is welcome, what I'm looking for is a description, blog post, whitepaper or other that details the scenario and an implementation. I would say that this scenario is a rule rather than an exception in an enterprise enviroment.


    • Edited by Mats Hulten Wednesday, December 12, 2012 11:24 AM Spelling
    Wednesday, December 12, 2012 9:35 AM