Introduction to FIM Add-in for Outlook

  • Article

Applies To: Forefront Identity Manager 2010

The FIM Add-in for Outlook component that is included with FIM 2010 provides a subset of the functionality for managing groups and approvals that are available in the FIM Portal. The FIM Add-in for Microsoft Office Outlook® allows users to use the native Outlook 2007 messaging and collaboration client to submit requests for the following activities:

  • Join or leave a group.

  • Add and remove members from groups.

  • Access the group management Web site.

  • Approve or reject a group management request received using FIM 2010.

What This Document Covers

This document demonstrates and highlights the group management functionality using the FIM Add-in for Outlook. It discusses how to join a group and how to approve a join group request using Outlook 2007 with the FIM Add-in for Outlook.

Prerequisite Knowledge

This document assumes that you have a basic understanding of Outlook 2007.

Audience

This document is intended for IT planners, systems administrators, architects, technology-decision makers, consultants, infrastructure planners, and IT personnel who plan to deploy and use the FIM Add-in for Outlook 2007.

Time Requirements

The procedures in this document require 30 to 45 minutes to complete.

Scenario Description

A member of the Fabrikam forest, SamH, submits a request to be added to the distribution group Marketing Strategy Discussion along with JaneS. BobM, the owner of Marketing Strategy Discussion, receives and processes the approval request.

Additionally, SamH submits a request to join the distribution group Marketing Communications Review. Marketing Communications Review has two owners, TammyW and JaneS. Authorization to join Marketing Communications Review requires the approval of one of the group's owners. TammyW and JaneS receive the approval request. TammyW processes the approval request before JaneS.

Testing Environment

To perform the procedures in this document, your environment should have the following characteristics:

  • A server computer that is a member of the Fabrikam forest and that hosts the FIM 2010 server components.

  • The default Management Policy Rules (MPR) for the Distribution List Management and Group Management Workflows have been enabled. For more information, see Introduction to Management Policy Rules in the FIM 2010 documentation set.

  • A client computer that is a member of the Fabrikam forest with the FIM Add-in for Outlook.

  • A server computer that is a member of the Fabrikam forest and that hosts Microsoft Exchange Server 2007.

  • The e-mail address needs to be synchronized between Active Directory (AD) and FIM 2010, since FIM 2010 relies on e-mail address to correlate users and groups specified in requests from Outlook, to users and groups which exist in the FIM 2010 app store.

Before You Begin

This document assumes that you have installed the FIM 2010 server and the FIM Add-in for Outlook. It also assumes that you have an authorization workflow in place in the FIM Portal that sends approval e-mail messages when members request to join a group.

Note

For more information about configuring an authorization workflow, refer to the Introduction to Workflow Management document included with the FIM 2010 documentation set.

The following users and groups need to exist in your FIM 2010 environment:

  • SamH

  • JaneS

  • BobM

  • CherylR

  • TammyW

  • Marketing Strategy Discussion - this group should be an e-mail distribution group, with BobM as its owner

  • Marketing Communications Review - this group should be an e-mail distribution group, with CherylR and TammyW as its owners. When you create these groups, you should ensure you select that owner approval is required to join the group.

    Note

    For more information about configuring users and groups, refer to the Introduction to Distribution List Management document included with the FIM 2010 documentation set.

  • You must synchronize the users and groups between FIM 2010 and Active Directory directory services (AD DS). Group membership, in particular e-mail address, must flow for all users and groups between FIM 2010 and AD DS.

    Note

    For more information about synchronizing users and groups, refer to the Introduction to User and Group Management document included with the FIM 2010 documentation set.

Best Practices

As a best practice, outbound e-mail templates used for notifications and approvals should include a link to the request resource. This link allows business decision makers to inspect additional details which may not be present in the mail. To add this link, include the following HTML snippet in the mail templates to point to the FIM Portal:

<a href="https://identity.fabrikam.com/identitymanagement/aspx/Requests/RequestProperties.aspx?id=[//Request/ObjectId]&type=Request&_p=1">View the entire request</a>

Implementing the Procedures in This Document

To implement the procedures for the scenario described in this document, you must complete the following steps in the order shown:

  1. Request to add members to a group

  2. Approve the add members to group request

  3. Verify that the requestors are members of the group

  4. Request to join an additional group

  5. Join group request is processed by one of the approvers

  6. Verify the requester is a member of the group

Request to Add Members to a Group

In this step, you use the FIM Add-in for Outlook component to request that members be added to a group.

Important

A group management request can contain a maximum of 50 members, added or removed from a maximum of 20 groups.

To request that members be added to a group

  1. Log on to the client computer as SamH, and then open Outlook 2007.

  2. At the top, go to the Groups toolbar and from the drop-down select Join Group. This will open a pre-configured e-mail that is addressed to Administrator. This cannot be changed but FIM 2010 knows to send BobM an e-mail, provided that user is an owner of the DL.

  3. Click Join.

  4. Choose Marketing Strategy Discussion and then click OK.

  5. Click Send.

Approve the Add Members to Group Request

In this step, BobM receives and approves the request that SamH submitted.

To approve the add member to group request

  1. Log on as BobM, and then open Outlook 2007.

    The Inbox for BobM contains the approval request e-mail message for SamH to join Marketing Strategy Discussion.

  2. Approve the add member to a group request for SamH in one of the following ways:

    • In the Outlook 2007 main window, under Inbox, select the approval message. In the bottom part of the reading pane, click Approve and then click Send.

    • On the Outlook 2007 main window, under Inbox, select and right-click the approval message and then click Approve from the context menu and then click Send.

    • Open the e-mail message, click Approve in the top left of the Outlook 2007 ribbon, and then click Send.

    • From the toolbar on the Outlook 2007 main window, click the Groups button. From the drop-down list presented click Group Management Web site to open the FIM Web portal and from the navigation pane, under Requests and Approvals, click Approve Requests. Select the add member to group request, and then click Approve.

    • Select the approval e-mail and open the Actions menu and click Approve.

  3. Click Send to send your approval response to FIM 2010.

Verify that Requestors are Members of the Group

In this step, you verify that SamH is a member of Marketing Strategy Discussion.

To verify group membership

  1. Login as SamH and then open Outlook 2007.

  2. Verify that SamH is a member of Marketing Strategy Discussion in one of the following ways:

    • From the toolbar on the Outlook 2007 main window click Tools and then click Address Book. Select SamH, view the user properties and verify the user is a member of Marketing Strategy Discussion.

      Note

      Depending on your environment, you may need to wait until the Outlook Address Book is updated.

      -or-

      Select All Groups from the drop-down list, select Marketing Strategy Discussion and on the General Tab verify that SamH is in the list box, Members.

    • Click Group Management Web site from the Groups toolbar to open the FIM Portal. On the navigation bar, click Distribution Groups, click the search icon, and then click Marketing Strategy Discussion. On the Marketing Strategy Discussion page, click Members, and verify SamH is a member of Marketing Strategy Discussion.

      -or-

      Click My DG Memberships and verify that the logged in user (SamH) is a member of Marketing Strategy Discussion.

Request to join an additional group

After joining Marketing Strategy Discussion, SamH also needs to join Marketing Communications Review. In this step, SamH initiates another join group request

To request to join a group

  1. Log on to the client computer as SamH, and then open Office Outlook 2007.

  2. Click Groups, and then click Join Group.

  3. Click Join, select Marketing Communications Review and then click OK.

  4. Click Send.

Join group request is processed by one of the approvers

After SamH submits the join group request, the owners of Marketing Communications Review, CherylR and TammyW, receive notification of a request to join their group. CherylR approves the join group request before TammyW.

To approve join group request

  1. Log on as CherylR, and then open Office Outlook 2007.

    The Inbox for CherylR contains the approval request e-mail message for SamH to join Marketing Communications Review.

    Upon receiving the first approval or approval update e-mail message two Search folders are created in both the mailboxes of CherylR and TammyW:

    Approval Requests

    Approval Requests - Updates

  2. Approve the join group request as CherylR in one of the following ways:

    • On the Outlook 2007 main window, under Inbox, select the approval message. In the bottom part of the reading pane, click Approve, and then click Send.

    • On the Outlook 2007 main window, under Inbox, select and right click the approval message. Click Approve from the context menu presented, and then click Send.

    • Open the e-mail message, click Approve on the Approval tab in the Outlook 2007 ribbon, and then click Send.

    • Select the approval e-mail, open the Actions menu, click Approve, and then click Send.

    • From the Outlook 2007 main window, go to Approval Requests, select the approval message. In the bottom part of the reading pane, click Approve.

    • From the toolbar on the Outlook 2007 main window, click the Groups button and then from the drop-down list presented click Group Management Web site to open the FIM Portal. From the navigation pane, under Requests and Approvals, click Approve Requests, select the join group request, and then click Approve.

    After CherylR approves the approval request several actions occur:

    • CherylR and TammyW receive an Approval Request Update in their Inbox stating there has been an approval update.

    • The Approval Requests - Updates folder contains the approval update notification message sent by FIM 2010 after CherylR approved the join group request.

    • The original approval request e-mail is moved to the Deleted Items folder.

      You can modify this behavior in Outlook 2007. If you click the Tools menu, select Options and click the Approval tab, you can configure the behavior of the approval request message after it has been processed so that it remains in the user’s inbox. If the Add-in were configured to keep the original approval request in the user’s inbox, the request could also be seen in the Approval Requests search folder.

    • TammyW, who did not respond to the approval request, will see the Approve and Reject buttons on the original approval request replaced with a status message stating the request is Approved.

Verify the requestor is a member of the group

In this step, you verify SamH is a member of Marketing Communications Review

To verify the requestor is a member of the group

  1. Login as SamH, and then open Outlook 2007.

  2. Verify SamH is now a member of Marketing Communications Review in one of the following ways

  3. From the toolbar on the Outlook 2007 main window click Tools and then click Address Book. Select SamH, view the user properties and verify that SamH is a member of Marketing Communications Review.

    -or-

    Select All Groups from the drop-down list, select Marketing Communications Review and on the General Tab, verify that SamH is in the list box, Members.

  4. Click Group Management Web site from the Groups toolbar to open the FIM Portal. On the navigation bar, click Distribution Groups, click the search icon, and then click Marketing Communications Review. On the Marketing Communications Review page under Members, verify that SamH is a member of Marketing Communications Review.

    -or-

    Click My DG Memberships and verify that the logged-in user, SamH, is a member of Marketing Communications Review.

Configuration of the FIM Add-in for Outlook

You can configure the behavior of the approval request mails and the approval request folders created in the Search folder of the Microsoft Outlook 2007 user's mailbox. The changes made to these setting take effect immediately and do not require you to restart Outlook.

To configure the FIM 2010 Add-in for Outlook 2007 feature

  1. Open Outlook 2007.

  2. On the Tools menu, click Options.

  3. On the Options property sheet, click Identity Management.

    This allows you to modify the following settings:

    Approval Requests - this setting allows you to determine the behavior of the add-in after you send an approval response. You can choose whether to move the approval request to the Deleted Items folder located in the user's mailbox or leave the approval request in its original folder after sending an approval response.

    Search Folders - Restores the approval search folders.

    Connectivity – (Read only) This configuration specifies the mail account for the FIM 2010 server, and the URL of the FIM Portal.

Enabling logging for FIM Add-in for Outlook

Enabling logging on the FIM Add-in for Outlook can help troubleshoot errors and problems in configuration.

To enable logging for FIM Add-in for Outlook

  1. Create a file with the name Microsoft.IdentityManagement.Client.Office.dll.config as an XML configuration file. Create the file in:

    C:\Program Files (x86)\Microsoft Forefront Identity Manager\2010\Add-in for Outlook (64 bit operating system)

    -or-

    C:\Program Files\Microsoft Forefront Identity Manager\2010\Add-in for Outlook (32 bit operating system)

  2. The text of the file is as follows:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>    
          <system.diagnostics>
                    <trace autoflush="true"/>
                    <sources>
                              <source name="Microsoft.ResourceManagement" switchValue="Verbose">
                                        <listeners>
                                                  <add name="text" type="System.Diagnostics.TextWriterTraceListener" initializeData="identitymanagement_outlook.log" traceOutputOptions="Timestamp,ThreadId,DateTime"/>
                                        </listeners>
                              </source>
                    </sources>
          </system.diagnostics>
</configuration>

  3. Additional configurations:

    • Change the name and location of the log file as appropriate.

    • The initializeData value should contain the full path\filename of the log file.

    • The target folder should be local and the user running Outlook should have Write privileges. If the log file does not exist, it will be created there, and if it exists, it will be appended to.

Summary

You can add members to groups using the FIM Add-in for Outlook component that is included with FIM 2010 RC1. This component is an extension of the functionality offered in the FIM Portal.

After you complete the procedures in this document, you can try other scenarios, such as leaving a group or removing members from a group. Doing so helps you understand how to use the FIM Add-in for Outlook.