Anybody integrated FIM with FIM CM to provide a complete IdM solution? I would like to use FIM to automatically provision users & issue smart cards. Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

well... i tried it in a lab with EFS certificates and it worked. you can create a request and export it to the FIM CM, but with a smartcards I believe you can only proviosion requests to FIM CM and users will have to complete an enrollement process actually, Paul Adare and Brian Komar have a good example how to do this for EFS certs in their CLM training course :)

Thanks Evgeniy. Anybody achieved this for Windows smart card logon? We are evaluating FIM & it would be great to be able to state the level of integration between FIM & FIM CM. Is there potential here for a Wiki article? Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

Thanks Evgeniy. Anybody achieved this for Windows smart card logon? We are evaluating FIM & it would be great to be able to state the level of integration between FIM & FIM CM. Is there potential here for a Wiki article? Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

for the smartcard logon itself - GPO with autoenroll settings is enough. even enough for renewal. if you don't need SMIME signatures then FIM CM/CLM will be usefull for 'forgotten PIN' scenarios if your cards support smartcard mini-drivers architecture. otherwise - go with GPO.

for the smartcard logon itself - GPO with autoenroll settings is enough. even enough for renewal. if you don't need SMIME signatures then FIM CM/CLM will be usefull for 'forgotten PIN' scenarios if your cards support smartcard mini-drivers architecture. otherwise - go with GPO.

I am talking more about the whole smart card management lifecycle. More really about the capability of the 'MA for Certificate and Smart Card Management' when combined with the end-to-end provisioning process through FIM 2010. I'd like to be able to automatically provision the usual users, mailboxes, filestore.. and smart cards for logon. Yes I have a BaseCSP compatible card. Any info greatly appreciated. Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

I am talking more about the whole smart card management lifecycle. More really about the capability of the 'MA for Certificate and Smart Card Management' when combined with the end-to-end provisioning process through FIM 2010. I'd like to be able to automatically provision the usual users, mailboxes, filestore.. and smart cards for logon. Yes I have a BaseCSP compatible card. Any info greatly appreciated. Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

Some experiences from one of my previous projects: We’ve started using the built-in FIM CM MA to set up a complete certificate lifecycle enroll disable (suspend) re-enable (reinstate) and revoke (retire) certificates but found some limitations, which we couldn’t accept in the project: Unable to include Data Collection Items in an enrollment request Unable to initiate a request at the FIM CM Portal / DB and immediately start it (execute) afterwards via the FIM CM MA Some smartcard processes cannot be managed by the CM MA The behavior the FIM CM interprets completed requests. It simply deletes the request in the FIM CM Connector Space. Could be okay, in our scenario we needed something else. For these reasons – and some others (e.g. performance) we extended our CM lifecycle solution with the FIM CM Remote Provisioning API. Using this API, we were much more flexible within the enrollment and revocation processes. However, the Remote API does not support Suspend & Reinstate processes. So we end up using the FIM CM MA as well as the Remote API and - yes - set up a complete CM lifecycle solution /Matthias

Great feedback Matthias, many thanks.. Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

It would be great to see more integration between FIM & FIM CM. They are currently seperate products. Perhaps the FIM CM portal (rebranded CLM portal) could be re-written in the (really nice) FIM portal style. Any MS folk know if this is in the FIM product roadmap? Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK