What is a FIM Replay MA?

A Replay MA is an import only text file management agent derived from any existing management agent by leveraging the audit drop file created as a by-product of either a full or delta import run profile.  While the concept applies to any MA, the management agent that has been targeted for this topic is the FIM MA because of the special benefits that this brings.

What do you use it for?

The concept of the Replay MA is to provide very low cost option (in terms of development as well as processing overhead) of providing the FIM Metaverse with an additional feed of the same data already present in an existing MA.  In the special case of the FIM MA, this provides added benefits, including avoiding equal precedence when you would not otherwise implement this feature.

The Replay MA was inspired by limitations encountered using the FIM MA …

  • The FIM MA is very different from any other type
  • Additional rules apply, e.g.
    • Only one instance of the FIM MA allowed per sync service
    • Only one FIM service connected to a single sync service
    • One-to-one “like with like” attribute mappings only
    • Only direct flows configurable in the MA wizard only
    • No manual precedence allowed when FIM MA contributes an attribute value to the MV
Constraints such as the ones above can impose solution limitations … ones that we might find ourselves looking for ways around.  The above restrictions mean that there is effectively no real flexibility around how to design configurations to achieve common synchronization requirements. Specifically there are several emerging use cases (which I will come to shortly) which can NOT be achieved using the synchronization engine and can only be approximated using custom workflow activities.  As a result, there is no documented means of using the FIM Synchronization engine to achieve certain desirable outcomes.

The Instant Replay MA is a concept which leverages standard FIM Sync Engine features in a way not considered before to allow certain configuration options that are often not possible otherwise.  Using what is essentially a read-only clone of any existing MA (including the FIM MA), any attribute can be contributed by the cloned MA in lieu of the original MA, thereby allowing for standard and extended options involving these attribute flows.

Note that the context of the reminder of this article, and the link below to the scripts and detailed instructions, is exclusively the FIM MA.

When should I use it?

  • Eliminate the need to configure "equal precedence" for scenarios where there is no alternative when involving the FIM MA

    There are several scenarios here (e.g. group membership for migrated groups should become authoritative in the portal post migration) which are presently not achievable without configuring equal precedence.  This is always problematic and would be good to avoid by introducing a 3rd authoritative source for group membership which can trump the others.

  • Provide a means for FIM portal attributes to be used to derive additional columns (incl. in advanced attribute flows).

    The FIM MA allows only direct 1-1 attribute flows between like object classes in the FIM Portal and the FIM Metaverse using fixed class schema.  One scenario is where you wish to join on something other than the mv GUID – e.g. on the manager attribute so as to enable flow of the manager display name (redundantly) to the subordinate.

  • Provide a means for FIM portal attributes to be used to be treated as different attribute types (incl. in advanced attribute flows).
  • The FIM MA allows only direct 1-1 attribute flows between like object classes in the FIM Portal and the FIM Metaverse using fixed class schema.  This prevents the use of advanced flow rules in such cases as only flowing reference attributes based on the value of another attribute of the same identity, or flowing reference types as strings to allow for advanced flow rules.

    * Note: there is a documented alternative (advanced) for this scenario when working with Portal sync rules.

  • Provide a means to define MANUAL precedence by enabling advanced attribute flows (rules extensions) from the FIM Portal

    The FIM MA allows only direct 1-1 attribute flows, and as a result any attribute contributed by the FIM Portal cannot be included in a “manual precedence rule” when the FIM MA is the only means of sourcing this attribute from the FIM Portal

OK - so how do I set this up?

For all the scripts you need to implement this idea, together with detailed instructions and screenshots of the FIM configuration, please proceed to this FIM Team Community Page.