Forefront Identity Manager 2010 Installation & Configuration

Configuring an Inbound User Synchronization Rule

Anthony Marsiglia & Kristopher Tackett

Microsoft Premier Field Engineering

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, our provision of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers.

© 2013 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Configuring an Inbound User Synchronization Rule

In this section, we will cover the steps necessary to create an inbound user synchronization rule, which is required to bring users into the FIM Portal from a connected data source (such as Active Directory). In addition to the sync rule itself, two further components must also be created: an associated workflow and an associated management policy rule. Create them in this order: synchronization rule (SR), workflow (WF), then management policy rule (MPR).

First, we must create the actual inbound synchronization rule. To begin, navigate to the Portal home screen and select “Synchronization Rules” from the menu.

This will open the synchronization rules menu.

From the top navigation menu, click “New”.

Enter a “Display Name” and “Description” (optional), and for “Data Flow Direction:”, choose “Inbound”. Click “Next” to continue.

For “Metaverse Resource Type:”, select “person”. For “External System:”, choose the management agent you will be connecting to. For “External System Resource Type:”, choose “user”. Click “Next” to continue.

In the drop-down menu under “MetaverseObject:person(Attribute)”, choose “accountName”. In the drop-down menu under “ConnectedSystemObject:user(Attribute)”, choose “sAMAccountName”. Select “Create Resource In FIM” by placing a check in the box next to it, then continue by clicking “Next”.

Now we must configure the inbound attribute flow. Below you can see the “Inbound Attribute Flow” tab with a minimum set of attributes flowing. Here, you may add any additional attributes that make sense in your environment. When finished, click “Next” to continue.

This will display the “Summary” page. Click “Submit” to finish.
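
One way to confirm that the submitted rule matches the settings chosen in the steps above, shown as an added example that is not part of the original guide: it reads the rule back with `Export-FIMConfig` from the FIMAutomation snap-in. The service URI and rule display name are placeholders, and the attribute system names (`FlowType`, `ILMObjectType`, `ConnectedObjectType`, `CreateILMObject`, `RelationshipCriteria`), the value 0 for inbound, and the XML layout of the relationship criteria are assumed to be the FIM Service schema behind the wizard fields.

```powershell
# Added example, not from the original guide. Run where the FIMAutomation
# snap-in is installed (normally the FIM Service server).
$Uri      = 'http://localhost:5725/ResourceManagementService'  # placeholder endpoint
$RuleName = 'AD User Inbound'                                   # hypothetical display name

if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}

# Read the rule back from the FIM Service by display name.
$exported = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
    -CustomConfig "/SynchronizationRule[DisplayName='$RuleName']")
if ($exported.Count -ne 1) {
    throw "Expected exactly one rule named '$RuleName', found $($exported.Count)."
}

# Flatten the exported attribute list into a name -> value table.
$rule = @{}
foreach ($attr in $exported[0].ResourceManagementObject.ResourceManagementAttributes) {
    $rule[$attr.AttributeName] = $attr.Value
}

# Values chosen in the wizard; attribute names and FlowType 0 = Inbound are assumed.
$expected = @{
    FlowType            = '0'
    ILMObjectType       = 'person'
    ConnectedObjectType = 'user'
    CreateILMObject     = 'True'
}
$problems = @()
foreach ($name in $expected.Keys) {
    if ("$($rule[$name])" -ne $expected[$name]) {
        $problems += "$name is '$($rule[$name])', expected '$($expected[$name])'"
    }
}

# The relationship criterion must be the single pair accountName = sAMAccountName.
$pairs = @()
if ($rule['RelationshipCriteria']) {
    $xml = [xml]$rule['RelationshipCriteria']
    $pairs = @($xml.SelectNodes('//condition') |
        ForEach-Object { "$($_.ilmAttribute)=$($_.csAttribute)" })
}
if ($pairs.Count -ne 1 -or $pairs[0] -ne 'accountName=sAMAccountName') {
    $problems += "RelationshipCriteria is '$($pairs -join '; ')'"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { "Rule '$RuleName' matches the wizard settings." }
```

A warning on `CreateILMObject` or `RelationshipCriteria` is the one to look at first, since those two settings decide which connected accounts become, or join to, portal resources.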

Below is an example of the inbound/outbound attribute flows for “person” on the FIM MA. Remember, this is an example taken from a lab and may not accurately reflect your environment.
