Getting the renewal secrets without redistributing
Hi, To retrieve renewal secrets (one-time passwords) I can use the "DistributeSecrets" method. The problem is that this method performs the distribution again, but I want to create my own (and different) message. Is there a way to retrieve the renewal secrets data without redistributing the request? BR, Tamir. Tamir Lavi
January 29th, 2011 5:17pm

I could use more in terms of a description of what you are trying. The nondescript answer: you can accomplish a one-time execution by creating a transition-based MPR and executing your code on that transition. If you have the "user must change password" attribute set (you could set pwdLastSet to 0 or use the userAccountControl bit mask), you can have the users not be in the set and you can distribute the first-time password. Then, when pwdLastSet != 0, the user becomes part of the set and the tMPR fires, and only once. Luck, Aaron Sankey, Avanade
January 30th, 2011 10:58am

I guess I wasn't clear enough. I will try to do it better this time: A request in the FIM CM can (but not must) have a one-time password to perform the request. For example, a renewal request can have an OTP that the user must use in order to execute the request. The OTP can be distributed by email to the user. The FIM CM has an API called the Provision API. The Provision API has a method called "requestOperation.DistributeSecrets". This method is just like choosing the "distribute" button, that is, it redistributes the OTP by email or a document (as configured in the profile template). What I am looking for is a way to retrieve the OTP of any request (from a .NET program) using an API, but not by redistributing the email to the user, so I can generate a custom message to the user (e.g. send an SMS, or whatever). Is there any way to do that with the Provision API? Tamir Lavi
February 1st, 2011 12:25pm

I see. Now that I see the long version, I see I completely misread the first one. Apologies. In the Microsoft.Clm.Provision namespace, there isn't another method I know of to grab the OTP and store it as a string or insert it somewhere. The RequestOperations class is where I would have looked. I did another check through the published namespaces that are available (by design): http://msdn.microsoft.com/en-us/library/ee623227.aspx. I think the chief problem you are going to see here is that the OTP is available under the covers through that method, so I think the access of the OTP would require you to develop a method that would access and then store the OTP, instead of distributing it through the FIM functions. Instead, I would recommend sending it to a file and seeing if you can parse it. Grab some information about the request and grab the OTP using an external process and then use the information how you see fit. But, if you do develop a solution, let us know even if you are selling it :) Luck, Aaron Sankey, Virteva
February 2nd, 2011 1:38am

The Provision API does allow you to read the secrets; the problem was that by doing so, you have to call the distribute procedure. Yet, even if the distribution option is disabled, I still get to read the secrets by calling the "DistributeSecrets" method. So I have disabled the distribution option on the profile template, and I do the email distribution by myself, with external code. Thanks, Tamir Lavi. Tamir Lavi
February 6th, 2011 4:56am

Hi, I wrote a custom sink that sends nice HTML messages instead of the default text ones and adds logging stuff to our audit database. Getting the one-time password should be pretty simple from outside; you can try something like:
    myCommonRequest = Microsoft.Clm.BusinessLayer.Requests.GetRequest(myRequestUuid)
    Console.WriteLine(Microsoft.Clm.BusinessLayer.SecretDistributor.GetMessage(myCommonRequest, "{Secret1}"))
I think all SecretDistributor.Get* methods should return the same thing. Hope this helps, Piotr
February 12th, 2011 7:31pm

Thanks Piotr, There is only one thing about your solution. I can't find any documentation about the namespace "Microsoft.Clm.BusinessLayer". For some reason Microsoft decided not to document it. I can't see why, but is it safe to rely on it? BR, Tamir Lavi. Tamir Lavi
February 23rd, 2011 6:48am

This topic is archived. No further replies will be accepted.
