none
Can you monitor attribute changes in FIM 2010? RRS feed

  • General discussion

  • Is there a way in FIM 2010 to monitor attribute changes?  Example:  can you monitor the changing of displayname for instance?  If so how?
    Wednesday, September 12, 2012 5:46 PM

All replies

  • Hi Gene,

    Are you wanting to monitor it as part of the changes in the Sync Engine, portal or the data source like AD?


    Visit My Blog: http://theidentityguy.blogspot.com/

    Thursday, September 13, 2012 4:01 AM
  • My first question would be actually what do you mean by "monitor"? To trigger a process on change? To block it and report it?  To handle this in some way? Giving us a clue what you need to achieve  from business perspective would make answering this question much easier :)

    Thursday, September 13, 2012 10:49 AM
  • What we would like to do is get an alert that is logged when a change to an attribute is made.  For instance if a user's displayname is changed for whatever reason we are able to log that change.

    Is there anyway to do that internally in FIM or is there a third party tool that can do it?

    Monday, September 17, 2012 3:50 PM
  • Hi.

    There are some solutions for this. We wrote a custom ECMA 2 Connector that exports the important attributes from the metaverse to a database table using SCD so that you always can see what values that are active between two points in time (ValidFrom/ValidTo columns where ValidTo is null when that is the active row). It has shown invaluable to follow up claims like "this is not what it was yesterday".

    We also have the same MA to send out events when attribute-changes occur to an ESB so that other systems may react to provision/deprovision/enable access/disable access and attribute changes.

    I have however not heard of an off the shelf product that does this.

    Best regards
    Hakan


    Best regards Håkan Andersson

    Monday, September 17, 2012 5:28 PM
  • Hi Gene,

    If you are only planning to do this via the Sync Engine, you can easily do it in a custom flow rule to check the mventry with the presented csentry value and if they differ you can raise the alert (either to an MA like Hakan suggested or via an email sent). If you want historical tracking and audit capabilities of changes a better solution would be to look at the reporting component that is part of FIM 2010 R2 as it can give you a lot more information than purely monitoring a set of attributes.


    Visit My Blog: http://theidentityguy.blogspot.com/

    Tuesday, September 18, 2012 2:04 AM