http://technet.microsoft.com/en-us/query/default.aspx?toc=ff524487&page=ff524488&iroot=edge&title=Screencasts&version=10&field=Category&value=fim&rss=true2012 Microsoft Corporationhh921996.en-us.msdn.10Paul Loonenhttp://technet.microsoft.com/edge/ff832960.aspx?category=Paul%20LoonenTechNet EdgeZuneiPodMediaPaul LoonenNL-BEFR-BEForefrontFIMFIM 2010ScreencastsIdentity ManagerHomepageFIM2010 R2 contains many new features which make it an even better choice for enterprises. During this session, FIM MVP Paul Loonen discusses new features such as the new reporting features in FIM2010 R2 and the updated Password Management options that now allow a larger population to use this feature.Thu, 29 Mar 2012 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh921996(MSDN.10)?query=1FIM2010 R2 contains many new features which make it an even better choice for enterprises. During this session, FIM MVP Paul Loonen discusses new features such as the new reporting features in FIM2010 R2 and the updated Password Management options that now allow a larger population to use this feature.hh289368.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaZuneiPodTechNet EdgeMicah LaNasaMediaScreencastsFIMForefront Identity ManagerForefront Identity Manager 2010The ability to manage distributed identity information from a central point is key component of the Microsoft Forefront Identity Manager (FIM) 2010 architecture. This process is governed by a well-defined and customizable set of synchronization rules. In this video, I'll introduce you to the central concepts of inbound and outbound synchronization in FIM.Fri, 01 Jul 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh289368(MSDN.10)?query=1The ability to manage distributed identity information from a central point is key component of the Microsoft Forefront Identity Manager (FIM) 2010 architecture. This process is governed by a well-defined and customizable set of synchronization rules. In this video, I'll introduce you to the central concepts of inbound and outbound synchronization in FIM.hh272528.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaTechNet EdgeMediaZuneiPodMicah LaNasaFIMForefrontForefront Identity ManagementForefront Identity ManagerForefront Identity Manager 2010ScreencastsHomepageWhen you provision new users to the Active Directory Domain Services (ADDS), one common challenge you need to address is the definition of a communication plan for the initial password of newly provisioned user objects. You can configure Forefront Identity Manager (FIM) 2010 to calculate a random password and communicate it using an email notification triggered by FIM 2010. In this video, I’ll show you how to configure the calculation and notification of users’ initial passwords with FIM 2010.Thu, 23 Jun 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh272528(MSDN.10)?query=1When you provision new users to the Active Directory Domain Services (ADDS), one common challenge you need to address is the definition of a communication plan for the initial password of newly provisioned user objects. You can configure Forefront Identity Manager (FIM) 2010 to calculate a random password and communicate it using an email notification triggered by FIM 2010. In this video, I’ll show you how to configure the calculation and notification of users’ initial passwords with FIM 2010.hh300146.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaTechNet EdgeMediaZuneiPodMicah LaNasaFIMForefrontForefront Identity ManagementForefront Identity ManagerForefront Identity Manager 2010ScreencastsForefront Identity Manager (FIM) 2010 provides Resource Control Display Configurations (RCDCs) for the default resource types in the FIM Service database. When you create a custom resource type, FIM does not have any RCDCs for the new resource type; instead, the resources of that type use a generic RCDC. In this video, I’ll show you how you can create a new RCDC to customize how the new resource types are created, edited, and displayed.Fri, 17 Jun 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh300146(MSDN.10)?query=1Forefront Identity Manager (FIM) 2010 provides Resource Control Display Configurations (RCDCs) for the default resource types in the FIM Service database. When you create a custom resource type, FIM does not have any RCDCs for the new resource type; instead, the resources of that type use a generic RCDC. In this video, I’ll show you how you can create a new RCDC to customize how the new resource types are created, edited, and displayed.hh272556.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaZuneTechNet EdgeiPodFIMForefrontForefront Identity ManagementForefront Identity ManagerForefront Identity Manager 2010Micah LaNasaMediaScreencastsIn this video I’ll show you how you can easily customize and configure the layout and design of the FIM Portal in Forefront Identity Manager (FIM) 2010 to better match your particular work environment.Fri, 17 Jun 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh272556(MSDN.10)?query=1In this video I’ll show you how you can easily customize and configure the layout and design of the FIM Portal in Forefront Identity Manager (FIM) 2010 to better match your particular work environment.hh133463.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaTechNet EdgeMediaZuneiPodMicah LaNasaFIMForefront Identity ManagerIdentityForefront Identity ManagementForefront Identity Manager 2010ScreencastsHomepageThe password reset feature in Forefront Identity Manager (FIM) 2010 allows end users to reset their passwords from the Windows logon screen after they complete a registration process to verify their identities. This avoids the costs of involving IT helpdesk personnel to reset passwords for your users. In this video I’ll show you how an end user would complete the password reset registration process and then I’ll show you how an end user uses the feature to reset a password. For more information on deploying this feature watch the Password Reset Deployment with FIM video or read the Password Reset Deployment Guide.Fri, 27 May 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh133463(MSDN.10)?query=1The password reset feature in Forefront Identity Manager (FIM) 2010 allows end users to reset their passwords from the Windows logon screen after they complete a registration process to verify their identities. This avoids the costs of involving IT helpdesk personnel to reset passwords for your users. In this video I’ll show you how an end user would complete the password reset registration process and then I’ll show you how an end user uses the feature to reset a password. For more information on deploying this feature watch the Password Reset Deployment with FIM video or read the Password Reset Deployment Guide.hh155983.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaTechNet EdgeZuneiPodScreencastsFIMForefront Identity ManagerIdentityForefront Identity ManagementForefront Identity Manager 2010MediaMicah LaNasaThe password reset feature in Forefront Identity Manager (FIM) 2010 allows end users to reset their passwords from the Windows logon screen after they complete a registration process to verify their identities. This avoids the costs of involving IT helpdesk personnel to reset passwords for your users.Fri, 13 May 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh155983(MSDN.10)?query=1The password reset feature in Forefront Identity Manager (FIM) 2010 allows end users to reset their passwords from the Windows logon screen after they complete a registration process to verify their identities. This avoids the costs of involving IT helpdesk personnel to reset passwords for your users.hh150143.en-us.msdn.10Micah LaNasahttp://technet.microsoft.com/edge/ff832960.aspx?category=Micah%20LaNasaTechNet EdgeMediaZuneiPodMicah LaNasaForefront Identity Manager 2010Forefront Identity ManagerForefront Identity ManagementFIMIdentityScreencastsThe Forefront Identity Manager 2010 Synchronization Service provides a solution to synchronize the global address list (GAL) between two Active Directory forests. The goal of a GAL synchronization solution is to synchronize users, groups, and contacts from one forest with contact objects to another forest. In this video, I will walk you through the steps required to synchronize GALs in your organization. For more information on GAL Synchronization see Global Address List Synchronization Resource Wiki.Fri, 06 May 2011 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Hh150143(MSDN.10)?query=1The Forefront Identity Manager 2010 Synchronization Service provides a solution to synchronize the global address list (GAL) between two Active Directory forests. The goal of a GAL synchronization solution is to synchronize users, groups, and contacts from one forest with contact objects to another forest. In this video, I will walk you through the steps required to synchronize GALs in your organization. For more information on GAL Synchronization see Global Address List Synchronization Resource Wiki.ff945082.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxSecurityForefrontIdentityFIMForefront Identity ManagerEnglishVideosHomePageFeaturedDavid TesarZuneiPodTechNet EdgeScreencastsWatch this 6 min demo of FIM’s self-service password reset capabilities presented by Alym Rayani, Microsoft PM for Forefront Identity Manager 2010.  For the first ~1:20 Alym chats about password reset and then walks through and explains the reset password wizard on Windows 7. He shows how the user fills out the password, self-service, registration wizard. Download an evaluation of FIMTue, 27 Apr 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff945082(MSDN.10)?query=1Watch this 6 min demo of FIM’s self-service password reset capabilities presented by Alym Rayani, Microsoft PM for Forefront Identity Manager 2010.  For the first ~1:20 Alym chats about password reset and then walks through and explains the reset password wizard on Windows 7. He shows how the user fills out the password, self-service, registration wizard. Download an evaluation of FIMff711621.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeForefront Identity ManagementIdentityFIMVideosEnglishDavid TesarZuneiPodWatch this 3 min demo of managing groups from the FIM self-service web portal from Jeff Staiman, Microsoft Program Manager for Forefront Identity Manager 2010.Mon, 26 Apr 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff711621(MSDN.10)?query=1Watch this 3 min demo of managing groups from the FIM self-service web portal from Jeff Staiman, Microsoft Program Manager for Forefront Identity Manager 2010.ff711572.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeSecurityForefront Identity ManagerFIMVideosEnglishDavid TesarZuneiPodRichard, VP of product strategy for Telus tells us about managing identities with Forefront Identity Manager (FIM) and Public Key Infrastructures (PKI) and limitations to security with PKI and offline root CAs.  We get into the difference between an offline root CA and hardware security modules (HSMs) and when you might need to use a HSM.  Also, he gives some general tips on managing identities in your environment.Mon, 26 Apr 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff711572(MSDN.10)?query=1Richard, VP of product strategy for Telus tells us about managing identities with Forefront Identity Manager (FIM) and Public Key Infrastructures (PKI) and limitations to security with PKI and offline root CAs.  We get into the difference between an offline root CA and hardware security modules (HSMs) and when you might need to use a HSM.  Also, he gives some general tips on managing identities in your environment.ff711579.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeSecurityForefrontIdentityFIMForeFront Identity ManagerVideosEnglishDavid TesarZuneiPodMorten Sigurdsson of Omada tells us about role based access for Forefront Identity Manager 2010.  We cover a number of topics such as: Problems around compliance; Example of where a customer used FIM + Omada module to save costs; Details on role based access control; Enterprise role versus group management and when you might want role management.Mon, 26 Apr 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff711579(MSDN.10)?query=1Morten Sigurdsson of Omada tells us about role based access for Forefront Identity Manager 2010.  We cover a number of topics such as: Problems around compliance; Example of where a customer used FIM + Omada module to save costs; Details on role based access control; Enterprise role versus group management and when you might want role management.ff711559.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeSecurityforefrontIdentityFIMForefront Identity ManagerVideosEnglishDavid TesarZuneiPodFirst American Title Insurance Company tells us the details about how FIM helped in their environment and how they implemented the product. We hear from Cameron Cosgrove, VP of infrastructure and Scott Weir, manager of desktop architecture. We cover: How FIM helped them have better data centric security: Why they decided to choose FIM over vendors: How they used FIM to federate identities out into a 3rd party cloud; What the process was like to implement FIM and what they learned. Some tips to help you implement FIM.Thu, 25 Mar 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff711559(MSDN.10)?query=1First American Title Insurance Company tells us the details about how FIM helped in their environment and how they implemented the product. We hear from Cameron Cosgrove, VP of infrastructure and Scott Weir, manager of desktop architecture. We cover: How FIM helped them have better data centric security: Why they decided to choose FIM over vendors: How they used FIM to federate identities out into a 3rd party cloud; What the process was like to implement FIM and what they learned. Some tips to help you implement FIM.ff945072.en-us.msdn.10Alan Le Marquandhttp://technet.microsoft.com/edge/ff832960.aspx?category=Alan%20Le%20MarquandForefrontAlan Le MarquandEnglishForefront solutionFIMForefront Identity ManagerArticlesTechNet EdgeArticlesIn the previous post we started our look at how Microsoft Forefront Identity Manager 2010 (FIM), a component of Microsoft’s Identity & Access Management solution, enables IT Administrators to centrally manage identity and access. The post specifically covered how FIM allows the IT Administrator to automate creation of identity information based on a workflow process. We used an example where the HR department added an employee to their system, signalling FIM to automate the process of creating all the necessary accounts and certificates that an employee needs when they start. In this post we will look at another side of FIM, self-service management. We will look at two main areas, password reset and group management. Those of us who have worked on any help desk find that we soon build up a set of regular “customers”. Of course, one of the more common calls we get concerns passwords. For instance, the caller has been away from the office on holiday and forgot their password, or they just changed it on a Friday and by Monday they’ve forgotten it. All possible reasons for these calls are too numerous to list, but the end result is that we have to reset the password and get the password back to the caller. That is a challenge in itself. Who hasn’t reset a password and had a temporary one that looks like: “Ku#98uO(p4”? What are the chances of that being entered right the first time? What if we could help make those helpdesk calls history? One of the capabilities in FIM 2010 is to do exactly that. If someone forgets their password, they can go through a self-service password reset from the Windows logon screen. How does this work? Initially, the IT Administrator uses the FIM portal to configure user access rights to use self-service password reset. When the user next logs on, they are presented with a FIM password reset registration screen where they are asked to provide answers to some questions. The IT Administrator can determine the number of questions and what these questions are.  This is process is similar to how you may use online banking. For example, they ask questions like “What is your mother's maiden name?”, first school, favourite team etc. Through these questions you can identify yourself when you have forgotten your password. When you go through the reset process, you are asked a couple of questions, FIM verifies the answers, and then allows you to reset your password. Next, FIM checks that password with the directory service to ensure it meets the security requirements, and then resets it. Job done! No help desk call is needed. The user is returned to the logon screen and can log on. As I mentioned above, we’ve had self-service password reset for online services such as banking for a while now, so why not apply the same principle for the enterprise? Now we do. FIM also allows us to take this self-service concept further. If you think about it, a password is really just another attribute about a user. Could we use FIM to delegate control of other attributes to the user? There is potentially lots of information not stored in an HR system that is useful in, say, a Global Address List. Think about how hard is it to change your phone details or your address in your current organization. How many systems need to know about the change and how many forms do you think you need to fill in and send to make sure it’s all accurate? In the first post on FIM we discussed its ability to sync information across systems based on rules and workflow. This functionality forms the backend that allows us to do the same with user attributes like address, phone number or building location. FIM offers the ability to delegate the updating of attributes to the user; the delegation includes workflows to ensure that the correct people approve the updates. You probably don’t want people trying to update their manager or job title without some form of control, but a mobile phone number is something that is relatively safe and requires no oversight for most organizations. If we can make these changes relatively painless to users, they are more likely to maintain their own information. The more accurate the identity information is, the better the solutions that can be built on it. Another area where the help desk can get lots of calls is around group management. From my early days of training on NT 4.0 it was drummed in that using groups was the most efficient way to allocate access to resources. This lesson has served me well over the years, but we’ve probably all questioned the value of groups when you keep getting a constant trickle of change requests. It’s an old story, when the group was first created, you had to add some number of users, but it was largely a case of one touch, and it was done. Then every other day, you get a request to add or remove a user. There has to be a better way. FIM provides a better way through group management. Within the FIM management UI you can create groups and populate membership in three ways, by criteria, by manager-based structure, or manually. You can create Security Groups as well as Distribution Groups and even delegate out creation and management of these to end users. So what does all that mean? Membership via criteria is the way that FIM allows you to set a criteria for group members; for example “Employee type = contractor” would populate a group with all employees that are flagged as contractors. You can create criteria based on combination of attributes as well.  If you add “Department = Sales” to my last example, you would get all of the contractors in the Sales department in one group. These attributes can be derived from the HR System, so when attributes change there, the group membership automatically changes. In the background, FIM notices changes to the HR system and makes updates to users' attributes. Manager-based membership means the group is made up of all those people who report to a given manager. Finally, the one capability that, in addition to automatic group membership’s helps stop helpdesk calls, is the approval version. A group can be set up where a person is responsible for approving membership. To join the group a person either has to respond to an email sent out to join a group, or requests to join it. Either way, an email is sent to the approvers who can then action the request. How’s this done? Through Outlook - FIM integrates with Outlook. When you receive an email to join a group, you can use the “Join” button in the ribbon to join the group. If you do this via the email, Outlook will pre-populate the FIM form with all the groups on the email. If you do this outside an email, you still get the form but can select any group from the address list. Your request is then routed to the approver, who gets an email. From within that email they can manage the requests. They can do this offline too. If they have synchronized their inbox before disconnecting, they are able to process any request emails without having to connect. The next time they connect to the network, these requests are sent off. When a company is not using Exchange Server or Outlook 2007, the capabilities are also available through the FIM management portal. In summary, what all this does is help take away the load and responsibility for group management from the help desk and delegates it to the end users. The resouce ownere is often the best person to decide who can and cannot have access to a resource. With products like SharePoint becoming more and more prevalent in organizations, group management can become more time-consuming. The features within FIM 2010 are aimed at helping to reduce associated identity management costs. In the next part, I’ll round off the Identity & Access Management story by looking at how you can federate identity across different organizations to enable secure collaboration. Assets Videos / Webcasts TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment TechNet Webcast: Identity and Access Management Solution Webcast: Forefront Identity Manager 2010 – Technical Overview and Feature drill-down  Reducing cost of group management TechNet Edge Video: Identity and Access Management Solution Channel 9 Video: Alex Weinert on Forefront Identity Manager 2010 RSA Announcements TechNet Webcast: Forefront Identity Manager 2010: Monitoring and Troubleshooting FIM in Production TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM TechNet Webcast: Forefront Identity Manager 2010: Extending FIM Datasheets and downloads Identity and Access Management Datasheet Trial Download FIM 2010Mon, 15 Mar 2010 00:00:00 -0700http://technet.microsoft.com:80/en-us/edge/Ff945072(MSDN.10)?query=1In the previous post we started our look at how Microsoft Forefront Identity Manager 2010 (FIM), a component of Microsoft’s Identity & Access Management solution, enables IT Administrators to centrally manage identity and access. The post specifically covered how FIM allows the IT Administrator to automate creation of identity information based on a workflow process. We used an example where the HR department added an employee to their system, signalling FIM to automate the process of creating all the necessary accounts and certificates that an employee needs when they start. In this post we will look at another side of FIM, self-service management. We will look at two main areas, password reset and group management. Those of us who have worked on any help desk find that we soon build up a set of regular “customers”. Of course, one of the more common calls we get concerns passwords. For instance, the caller has been away from the office on holiday and forgot their password, or they just changed it on a Friday and by Monday they’ve forgotten it. All possible reasons for these calls are too numerous to list, but the end result is that we have to reset the password and get the password back to the caller. That is a challenge in itself. Who hasn’t reset a password and had a temporary one that looks like: “Ku#98uO(p4”? What are the chances of that being entered right the first time? What if we could help make those helpdesk calls history? One of the capabilities in FIM 2010 is to do exactly that. If someone forgets their password, they can go through a self-service password reset from the Windows logon screen. How does this work? Initially, the IT Administrator uses the FIM portal to configure user access rights to use self-service password reset. When the user next logs on, they are presented with a FIM password reset registration screen where they are asked to provide answers to some questions. The IT Administrator can determine the number of questions and what these questions are.  This is process is similar to how you may use online banking. For example, they ask questions like “What is your mother's maiden name?”, first school, favourite team etc. Through these questions you can identify yourself when you have forgotten your password. When you go through the reset process, you are asked a couple of questions, FIM verifies the answers, and then allows you to reset your password. Next, FIM checks that password with the directory service to ensure it meets the security requirements, and then resets it. Job done! No help desk call is needed. The user is returned to the logon screen and can log on. As I mentioned above, we’ve had self-service password reset for online services such as banking for a while now, so why not apply the same principle for the enterprise? Now we do. FIM also allows us to take this self-service concept further. If you think about it, a password is really just another attribute about a user. Could we use FIM to delegate control of other attributes to the user? There is potentially lots of information not stored in an HR system that is useful in, say, a Global Address List. Think about how hard is it to change your phone details or your address in your current organization. How many systems need to know about the change and how many forms do you think you need to fill in and send to make sure it’s all accurate? In the first post on FIM we discussed its ability to sync information across systems based on rules and workflow. This functionality forms the backend that allows us to do the same with user attributes like address, phone number or building location. FIM offers the ability to delegate the updating of attributes to the user; the delegation includes workflows to ensure that the correct people approve the updates. You probably don’t want people trying to update their manager or job title without some form of control, but a mobile phone number is something that is relatively safe and requires no oversight for most organizations. If we can make these changes relatively painless to users, they are more likely to maintain their own information. The more accurate the identity information is, the better the solutions that can be built on it. Another area where the help desk can get lots of calls is around group management. From my early days of training on NT 4.0 it was drummed in that using groups was the most efficient way to allocate access to resources. This lesson has served me well over the years, but we’ve probably all questioned the value of groups when you keep getting a constant trickle of change requests. It’s an old story, when the group was first created, you had to add some number of users, but it was largely a case of one touch, and it was done. Then every other day, you get a request to add or remove a user. There has to be a better way. FIM provides a better way through group management. Within the FIM management UI you can create groups and populate membership in three ways, by criteria, by manager-based structure, or manually. You can create Security Groups as well as Distribution Groups and even delegate out creation and management of these to end users. So what does all that mean? Membership via criteria is the way that FIM allows you to set a criteria for group members; for example “Employee type = contractor” would populate a group with all employees that are flagged as contractors. You can create criteria based on combination of attributes as well.  If you add “Department = Sales” to my last example, you would get all of the contractors in the Sales department in one group. These attributes can be derived from the HR System, so when attributes change there, the group membership automatically changes. In the background, FIM notices changes to the HR system and makes updates to users' attributes. Manager-based membership means the group is made up of all those people who report to a given manager. Finally, the one capability that, in addition to automatic group membership’s helps stop helpdesk calls, is the approval version. A group can be set up where a person is responsible for approving membership. To join the group a person either has to respond to an email sent out to join a group, or requests to join it. Either way, an email is sent to the approvers who can then action the request. How’s this done? Through Outlook - FIM integrates with Outlook. When you receive an email to join a group, you can use the “Join” button in the ribbon to join the group. If you do this via the email, Outlook will pre-populate the FIM form with all the groups on the email. If you do this outside an email, you still get the form but can select any group from the address list. Your request is then routed to the approver, who gets an email. From within that email they can manage the requests. They can do this offline too. If they have synchronized their inbox before disconnecting, they are able to process any request emails without having to connect. The next time they connect to the network, these requests are sent off. When a company is not using Exchange Server or Outlook 2007, the capabilities are also available through the FIM management portal. In summary, what all this does is help take away the load and responsibility for group management from the help desk and delegates it to the end users. The resouce ownere is often the best person to decide who can and cannot have access to a resource. With products like SharePoint becoming more and more prevalent in organizations, group management can become more time-consuming. The features within FIM 2010 are aimed at helping to reduce associated identity management costs. In the next part, I’ll round off the Identity & Access Management story by looking at how you can federate identity across different organizations to enable secure collaboration. Assets Videos / Webcasts TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment TechNet Webcast: Identity and Access Management Solution Webcast: Forefront Identity Manager 2010 – Technical Overview and Feature drill-down  Reducing cost of group management TechNet Edge Video: Identity and Access Management Solution Channel 9 Video: Alex Weinert on Forefront Identity Manager 2010 RSA Announcements TechNet Webcast: Forefront Identity Manager 2010: Monitoring and Troubleshooting FIM in Production TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM TechNet Webcast: Forefront Identity Manager 2010: Extending FIM Datasheets and downloads Identity and Access Management Datasheet Trial Download FIM 2010ff945059.en-us.msdn.10Alan Le Marquandhttp://technet.microsoft.com/edge/ff832960.aspx?category=Alan%20Le%20MarquandAlan Le MarquandForefrontForefront Identity ManagerFIMIdentity ManagementEnglishArticlesTechNet EdgeArticlesAll organizations need to manage identities, credentials, and resources. Some lucky organizations only have to deal with one directory, but most have to deal with multiple directory trees and application-specific identity sources. The IT departments in those organizations are expected to deliver this management efficiently, cost-effectively, and securely. When this management goes bad, IT departments can lose the ability to be agile, and custom solutions created to manage identities can inhibit their ability to adapt to business change efficiently. These solutions may require manual intervention, inevitably resulting in higher costs. What organizations need is a comprehensive identity and access management solution that can integrate certificate and smart card management with the traditional identity management lifecycle, while it brings a level of self-service management to users. Microsoft Forefront Identity Manager 2010 (FIM) is a component of Microsoft’s Identity & Access Management solution that brings powerful capabilities, administrative tools, and enhanced automation to organizations to help them efficiently manage identities. FIM is not the first identity management product from Microsoft. FIM has evolved from Microsoft Identity Lifecycle Manager (ILM) 2007, which was previously Microsoft Identity Integration Server (MIIS) 2003, which originated from Microsoft Metadirectory Services (MMS). These products provide two, stable engines for delivering the core services of FIM. These engines deliver core provisioning and synchronization services between different systems, as well as certificate and smart card management. FIM then builds on previous releases by wrapping these core services in a rich management environment, including workflows and self-service capabilities for end users, making it easier for IT Administrators to manage the identity management lifecycle, and enabling them to delegate some tasks to end users. How does FIM make identity management easier? FIM 2010 provides the ability to manage multiple credentials in an integrated manner. IT Administrators have centralized management tools where they can view and define policies, such as defining smart card templates and processes for resetting PINs. Today, IT Administrators often spend time adding people to groups, removing people from groups (if they are ever told access is no longer needed ), creating and managing accounts, or at least trying to. When a new hire arrives at a company it can turn into a departmental sweepstakes - “Guess the date when Joe will have access to our systems?” When you think about your organization, think of all the accounts you have. You have an network account, then you almost certainly have an email account, which is also almost certainly a member of a number of distribution groups, an account in the finance system so you get paid, and an account in a customer relationship system. Then there are the file shares and web sites which you have access to internally. Finally, like me, you may have a building access card that may be a smart card with certificates on it. All of these have to be created, authorized, and issued. This is what FIM does, or moreover, this is what FIM enables the IT Administrators to do more efficiently. When new hire “Joe” starts, he may well go through some new employee orientation. At that point, the HR representative could add or approve “Joe” in their system. Then “Joe” officially exists. In the background, FIM has seen this change because of the policies defined by the Administrators. FIM now starts the enrollment process, a network access account is created, a corresponding email account is created, requests for certificates are generated, and requests are sent to the appropriate people to authorize the creation of accounts in the CRM system or the finance system. At every stage, the policy and workflow dictates who gets notified to authorize the change. So when “Joe” gets to the security office to have his picture taken and added to his access card, the card can be loaded with the right certificates and “Joe” can walk into his new department all ready to go. This isn’t a one way process. Should “Joe” leave, when his final salary is paid, FIM can reverse all these changes, certificates can be revoked and accounts disabled, etc. FIM also provides the IT Administrators the ability to delegate certain information management tasks to users. During “Joe’s” employment, he can self-manage some of his own identity information such as his mobile phone number, as well as reset his password or smart card PIN. Tasks like password or PIN reset, in estimates, can cost around $35 per request, which can quickly accumulate over the course of a year. FIM allows IT Administrators to spend more time managing their systems' security, and less time managing people’s identity. In the next part we will look at the self-service capabilities in FIM, and how access management of resources can be delegated to end users. Related Resources Videos / Webcasts   TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM TechNet Webcast: Identity and Access Management Solution Webcast: Forefront Identity Manager 2010 – Technical Overview and Feature drill-down  TechNet Edge Video: Forefront Identity Manager- Reducing cost of group management TechNet Edge Video: Identity and Access Management Solution Channel 9 Video: Alex Weinert on Forefront Identity Manager 2010 Datasheets and downloads                  Identity and Access Management Datasheet         Trial Download FIM 2010Wed, 03 Mar 2010 00:00:00 -0800http://technet.microsoft.com:80/en-us/edge/Ff945059(MSDN.10)?query=1All organizations need to manage identities, credentials, and resources. Some lucky organizations only have to deal with one directory, but most have to deal with multiple directory trees and application-specific identity sources. The IT departments in those organizations are expected to deliver this management efficiently, cost-effectively, and securely. When this management goes bad, IT departments can lose the ability to be agile, and custom solutions created to manage identities can inhibit their ability to adapt to business change efficiently. These solutions may require manual intervention, inevitably resulting in higher costs. What organizations need is a comprehensive identity and access management solution that can integrate certificate and smart card management with the traditional identity management lifecycle, while it brings a level of self-service management to users. Microsoft Forefront Identity Manager 2010 (FIM) is a component of Microsoft’s Identity & Access Management solution that brings powerful capabilities, administrative tools, and enhanced automation to organizations to help them efficiently manage identities. FIM is not the first identity management product from Microsoft. FIM has evolved from Microsoft Identity Lifecycle Manager (ILM) 2007, which was previously Microsoft Identity Integration Server (MIIS) 2003, which originated from Microsoft Metadirectory Services (MMS). These products provide two, stable engines for delivering the core services of FIM. These engines deliver core provisioning and synchronization services between different systems, as well as certificate and smart card management. FIM then builds on previous releases by wrapping these core services in a rich management environment, including workflows and self-service capabilities for end users, making it easier for IT Administrators to manage the identity management lifecycle, and enabling them to delegate some tasks to end users. How does FIM make identity management easier? FIM 2010 provides the ability to manage multiple credentials in an integrated manner. IT Administrators have centralized management tools where they can view and define policies, such as defining smart card templates and processes for resetting PINs. Today, IT Administrators often spend time adding people to groups, removing people from groups (if they are ever told access is no longer needed ), creating and managing accounts, or at least trying to. When a new hire arrives at a company it can turn into a departmental sweepstakes - “Guess the date when Joe will have access to our systems?” When you think about your organization, think of all the accounts you have. You have an network account, then you almost certainly have an email account, which is also almost certainly a member of a number of distribution groups, an account in the finance system so you get paid, and an account in a customer relationship system. Then there are the file shares and web sites which you have access to internally. Finally, like me, you may have a building access card that may be a smart card with certificates on it. All of these have to be created, authorized, and issued. This is what FIM does, or moreover, this is what FIM enables the IT Administrators to do more efficiently. When new hire “Joe” starts, he may well go through some new employee orientation. At that point, the HR representative could add or approve “Joe” in their system. Then “Joe” officially exists. In the background, FIM has seen this change because of the policies defined by the Administrators. FIM now starts the enrollment process, a network access account is created, a corresponding email account is created, requests for certificates are generated, and requests are sent to the appropriate people to authorize the creation of accounts in the CRM system or the finance system. At every stage, the policy and workflow dictates who gets notified to authorize the change. So when “Joe” gets to the security office to have his picture taken and added to his access card, the card can be loaded with the right certificates and “Joe” can walk into his new department all ready to go. This isn’t a one way process. Should “Joe” leave, when his final salary is paid, FIM can reverse all these changes, certificates can be revoked and accounts disabled, etc. FIM also provides the IT Administrators the ability to delegate certain information management tasks to users. During “Joe’s” employment, he can self-manage some of his own identity information such as his mobile phone number, as well as reset his password or smart card PIN. Tasks like password or PIN reset, in estimates, can cost around $35 per request, which can quickly accumulate over the course of a year. FIM allows IT Administrators to spend more time managing their systems' security, and less time managing people’s identity. In the next part we will look at the self-service capabilities in FIM, and how access management of resources can be delegated to end users. Related Resources Videos / Webcasts   TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM TechNet Webcast: Identity and Access Management Solution Webcast: Forefront Identity Manager 2010 – Technical Overview and Feature drill-down  TechNet Edge Video: Forefront Identity Manager- Reducing cost of group management TechNet Edge Video: Identity and Access Management Solution Channel 9 Video: Alex Weinert on Forefront Identity Manager 2010 Datasheets and downloads                  Identity and Access Management Datasheet         Trial Download FIM 2010ff711512.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeSecurityForeFrontIdentityForefront Indentity ManagerFIMRSA2010VideosEnglishDavid TesarZuneiPodBrendan Foley shares the Microsoft announcements at the RSA 2010 conference in this 3 min video.Tue, 02 Mar 2010 00:00:00 -0800http://technet.microsoft.com:80/en-us/edge/Ff711512(MSDN.10)?query=1Brendan Foley shares the Microsoft announcements at the RSA 2010 conference in this 3 min video.ff711496.en-us.msdn.10David Tesarhttp://technet.microsoft.com/edge/extreme.aspxTechNet EdgeSecurityForefront Identity ManagementIdentityFIM_FeatureForefrontVideosEnglishForefrontDavid TesarZuneiPodBrjann Brekkan, PM for the Identity and Access Management (IAM) solution and related products, describes the capabilities and business drivers behind the solution. Beginning at [6:08], he gives us a screencast demo of parts of the solution. The demo includes automated AD group management and access through Forefront Identity Manager (FIM), FIM password reset, and managing group membership via Outlook.Thu, 25 Feb 2010 00:00:00 -0800http://technet.microsoft.com:80/en-us/edge/Ff711496(MSDN.10)?query=1Brjann Brekkan, PM for the Identity and Access Management (IAM) solution and related products, describes the capabilities and business drivers behind the solution. Beginning at [6:08], he gives us a screencast demo of parts of the solution. The demo includes automated AD group management and access through Forefront Identity Manager (FIM), FIM password reset, and managing group membership via Outlook.