FIM 2010 CAL license query

  • Question

  • Hi Guys,

    Our client is actually a museum/exhibition that is not yet operational. We are managing identities based on user web member registration. Basically, if a visitor comes to our museum/exhibition and subscribes to a membership, we create an AD user account and provide access to applications based on the subscription. The number of identities managed through the FIM Sync engine keeps increasing. That's not a problem. The problem is that we are going to hire 600 staff. We want to manage the 600 staff through the FIM Portal, and we plan to provide a password reset portal and group management. But the FIM Sync MV will contain all web registrants and the 600 staff. So, do we need to purchase only 600 CAL licenses, or do we need to buy CALs for all the users in the Metaverse? Currently we have only the FIM server license. Without purchasing CAL licenses, can we at least implement SSPR?

    Tuesday, October 4, 2016 6:17 AM

All replies


    Does the external connectors section that I've linked help you?

    Tuesday, October 4, 2016 9:32 AM
  • Hi,

    Thank you for your response. Actually, we are creating AD user accounts for the visitors who subscribe to our exhibition memberships, and application role permissions are handled through AD security groups. So we don't want to put them in the external connector category. As per my understanding, a FIM CAL is required for all the user accounts in the Metaverse if we use the FIM Portal and its components. But my query is: can we get CALs for our staff alone? In the MV, both staff and external visitors will be present.

    Tuesday, October 4, 2016 11:00 AM
  • Hi

    Look at this link here

    You can see that a CAL is only required when you use Group Management, PWD Reset, Declarative Sync Rules and/or Reporting.

    In case you use Codeless Provisioning for all your accounts, you also need CALs for all of them. But if you write your sync logic in MVExtension and MAExtensions, you do not need any CALs (it says: A CAL is not required for customers only using the Forefront Identity Manager synchronization service).

    Because you plan to manage your employees through the Portal, you only need CALs for the employees. In this case you must split your sync logic in parts for employees done in the portal and the other parts done in the Metaverse or do everything in the Metaverse.


    Thursday, October 6, 2016 11:59 AM
  • This is a good suggestion. However, to my knowledge it is not possible to conditionally provision users from the MV to FIMMA. That is, either all objects in the MV of a given type are created in the FIM Portal, or none are.

    It's not possible to use an extension on FIMMA, to determine e.g. if an object should be provisioned, or not, to FIMMA.


    Thursday, October 6, 2016 12:35 PM
  • You can selectively provision objects to the MIM Portal by using an alternative MA. You can use the PowerShell MA, the Web Service MA, or write your own Extensible MA. This would also remove some of the limits of the MIM MA, for example around precedence or joining, and add the ability to have an MA extension for this connection as well.


    • Edited by henryschl Thursday, October 6, 2016 12:43 PM
    Thursday, October 6, 2016 12:42 PM
  • Thank you, Leo.

    If an extension on FIMMA is not possible, then we have to drop the FIM Portal CAL plan.

    Sunday, October 9, 2016 12:15 PM
  • Thanks, Henry, for your suggestion. For now we will drop the FIM Portal to save capital and time.
    Sunday, October 9, 2016 12:17 PM