Certificate Management - Provision Data Collection Items from CLM Management Agent to CLM DB
Hi all,

My scenario looks like the following:
- FIM2010 RC 1 CM and SE components deployed, the portal is out of focus
- Certificate enrollment requests should be provisioned through the synchronization engine with some MV extension logic
- The CM database must hold additional data items per request. This data collection will be re-used in the certificate request to set up an individual subject name within the certificate (done by the Certificate Subject Module)
- In a simple deployment scenario (initiate requests via the CLM web site, not through the CLM MA) the data collection will be defined in a CM Profile template in e.g. the enroll policy. The data will then be collected either within the approval or execution process.

My questions:
- How do I have to configure the CM policy to accept data collection from an external system (CLM MA)? The data item originator is neither the user nor the Certificate Manager.
- Currently I'm using the following provisioning code. How do I have to extend the code so that I can flow data items to the CM database?

    ' Create the request connector under a random, GUID-based DN
    csentry.DN = targetCLMMA.EscapeDNComponent("CN=" + Guid.NewGuid().ToString())
    ' Originator and type of the request
    csentry("req_originator_user_uuid").BinaryValue = orginator.ToByteArray()
    csentry("req_type").IntegerValue = 1
    csentry("req_type_name").Value = "Enroll"
    ' Target user, taken from the metaverse object
    csentry("req_target_user_uuid").BinaryValue = mventry("ObjectGUID").BinaryValue
    ' Profile template the request is made against
    csentry("req_profile_template_name").Value = "Smart Card Logon Profile Template"
    csentry("req_profile_template_uuid").BinaryValue = profile.ToByteArray()
    csentry.CommitNewConnector()

Any help / comments are appreciated.

Thanks in advance
Matthias
January 19th, 2010 6:33pm

I don't believe that you're going to be able to do this with just the CLM MA. The CLM MA performs only very basic operations related to the creation of request objects. I think that you're going to have to use a combination of the CLM MA and the Provisioning API to do what you want to do.

http://msdn.microsoft.com/en-us/library/bb468059(VS.85).aspx

Paul Adare CTO IdentIT Inc. ILM MVP
January 19th, 2010 7:05pm

While the CLM MA does cover a lot of CLM profile transitions, you'll need customization to use Data Collection with the CLM MA.

CraigMartin Edgile, Inc. http://identitytrench.com
January 19th, 2010 9:03pm

Craig, Paul, thanks for the reply.

Craig, what do you mean by customization of CLM profile transitions? Could you give me some more hints?
January 20th, 2010 4:35pm

The CLM MA already handles almost all of the profile transitions, for example:
- enrolled --> retired
- suspended --> active
- active --> disabled
- etc., etc.

When it creates the CLM Requests, however, it does not allow you to supply Data Collection items. Since the source for the MA is not available you can't customize it to add this functionality, but you could create your own MA that talks to the Provision API.

That is the customization part that is no small effort. As Paul says, there is a lot you could accomplish using the Provision API but it does not support all of the state transitions. This might be fine for your scenario, however. If the Provision API hits all of your scenarios then you just need to write an XMA that talks to the Provision API (easy to say, but also not a small effort).

This could be a fun project for CodePlex and/or a DCR for the CLM MA.

CraigMartin Edgile, Inc. http://identitytrench.com
January 20th, 2010 9:18pm

I had a support call with the product group and yes: the CLM MA doesn't support data collection items. So we have to switch to the Remote Provisioning API :-(

/Matthias
January 26th, 2010 11:05am
