A few Questions about FIM setup RRS feed

  • Question

  • I'm planning on implementing FIM in the near future, on a single server. I'm not 100% clear on SPN's i will need, as I've not used them before. I would appreciate any pointers.

    I'm planning on using the following URL's.

    With the following users setup:


    SA-FimService (email enabled)


    Given the previous information what SPN's do i actually need?

    Thursday, May 1, 2014 7:44 AM

All replies

  • You don't have two another inputs:

    • - address which other services would use to connect to FIMService
    • SA-FIMWebApp - service account that would hold FIMPortal
    • SA-FIMPassAccount - if you would like to run Password portals on different account than FIMPortal

    so you would need the following SPNs:

    • setspn -s FIMService/ Local\SA-FimService
    • setspn -s HTTP/ Local\SA-FIMWebApp
    • setspn -s HTTP/ Local\SA-FIMPassAccount (or Local\SA-FIMWebApp)
    • setspn -s HTTP/ Local\SA-FIMPassAccount (or Local\SA-FIMWebApp)

    Then, configure delegation Local\SA-FIMWebApp to Local\SA-FimService and Local\SA-FimService to Local\SA-FimService.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Thursday, May 1, 2014 9:18 AM
  • HI,

    You have create SPN for SA-FimService and the account which is used for Sharepoint Administration Portal only.

    Other accounts doesnt need any SPN.

    For FimServie:

    setspn –S FIMService/<alias> <domain>\<serviceaccount>

    For Sharepoint:

    setspn –S HTTP/<FIMPortalAlias> <domain>\<sharepointserviceaccount>

    Let me know if you need more information

    Thanks & Regards,

    Ankit Gupta 

    Thursday, May 1, 2014 11:22 AM
  • thanks for the reply.

    Is it not ok to run the iis FIMPortal on the same account as fim service? (SA-FimService in my case)

    Thursday, May 1, 2014 12:42 PM
  • It's not a best practice



    Friday, May 2, 2014 10:31 AM