Forefront Identity Manager
When I logon as a user to the portal, identity Management, click on edit my profile, it won't let me change my information ie.. my contact info etc.....is there a setting I need to turn on to be able to edit my profile when logging on as a user?
September 3rd, 2010 4:31pm

You need an MPR to allow the user to edit their details. See the MPR, User management: Users can read attributes of their own
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2010 5:46pm

I want users to be able to do more than read their attributes, I want the users to be able to add/edit and remove.
September 3rd, 2010 8:05pm

I believe Sachin is saying that you need to add the edit permissions to that same MPR so that users will be able to edit their attributes in addition to reading them. You would would select 'modify a single-valued attriubte' and the checkboxes for multi-valued attribute if you want users to manipulate them as well. By default, they will be able to modify all attribute if these are selected. If you want to have more control over which attributes they can read and edit, you can go to the target resources tab and choose the appropriate attributes.
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2010 8:42pm

Thanks it worked
September 3rd, 2010 10:05pm

Yes. There is a management policy rule (mpr) that is included in the product to allow users to read their own profiles. You need to enable it and set the attribute list to those that you need. Then create another MPR that is similar except that it grants permission to modify and add and remove values from multi-valued attributes Go to Management Policy rules, look for User Management: Users can read attributes of their own.David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2010 12:23am

One more thing, after changing the setting to the MPR, logged on as a user and edit the user profile, and run the sync. On Active Directory the changed are not taking effect. Is there any policy settings I need to change on policy for the change to take effect on AD?
September 7th, 2010 5:50pm

Do you have inport attribute flow configured for these attributes on the FIM MA? You need to import them from the FIM MA and export them using the AD MA for the changes to take effect in AD.
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 9:21pm

Yes to your question. Is the sequence for sync for outbound as fallowing? FIM MA: Full Import, Full Synchronization, Export, Delta Import US ADMA: Full Import, Full synchronization FIM MA: Full Synchronization, Export, Delta Import
September 9th, 2010 5:16pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics