Selective provisioning to the portal
Hi, I have an HR feed that contains a lot of users that should not be provisioned to the portal. Reading this thread http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/5b40a979-ec0a-44e4-86b6-98a50addb9cf I am not able to get the method to work with the three inbound sync rules. The users are all getting provisioned even if they fall in the scope of the sync rule without "Create in FIM" checked. Reading further in that thread, am I correct in thinking that the way we should do this is having a second management agent--so that one is a feed of users from HR that should be provisioned and the other is a feed with users who shouldn't? That seems rather cumbersome... I appreciate any guidance. Thanks, Sami
October 11th, 2012 8:53pm

I'm giving Carol's suggestion here http://www.wapshere.com/missmiis/selective-provisioning-to-the-fim-ma-well-sort-of a try. The client is buying licenses for all of their users, but only want to introduce the portal in a phased approach. I think this has merit as it keeps sync times down and keeps the portal from becoming over-cluttered for the phase when the users are supplying feedback. I do wish there were a way to do this that was more straightforward. Not every implementation is one in which the client wants to bring everyone in at once. (In this case, it's a global company and they are bringing regions in in phases, but would still like to use the sync engine to provision and deprovision accounts that aren't part of phase 1.) Thanks, Sami
Free Windows Admin Tool Kit Click here and download it now
October 17th, 2012 6:59pm

Hi, From what I recall only one FIM MA is supported. Here's a few options: Classify your user types (e.g. staff, student, etc) and store this in an attribute. Then create a filter to exclude the ones you do not want to export to the Portal.This might have long term consequences, so you need to plan carefully, but you could create different MV objects for different user types, and only export the one specific user type to the Portal.MV extension as Carol pointed out. Regards.
October 18th, 2012 12:52am

Hi, From what I recall only one FIM MA is supported. Here's a few options: Classify your user types (e.g. staff, student, etc) and store this in an attribute. Then create a filter to exclude the ones you do not want to export to the Portal.This might have long term consequences, so you need to plan carefully, but you could create different MV objects for different user types, and only export the one specific user type to the Portal.MV extension as Carol pointed out. Regards.
Free Windows Admin Tool Kit Click here and download it now
October 18th, 2012 12:52am

Unfortunately, the "create in FIM" language in the Portal Synchronization Rules is pretty confusing and has nothing to do with pushing records into the FIM Service; it should really say "create in Metaverse," but for some reason the Portal seems to eschew that term. The product is designed such that any metaverse object type that has a mapping to a FIM Service / FIM Portal object type will be provisioned into the portal.
October 19th, 2012 2:07pm

Thanks for the clarification, though it is confusing terminology as you said. I think I may have *sort of* gotten it working... I hadn't selected the appropriate "Apply To" radio button on the front page of the SR... This is what 80 hour weeks do to a person. Thanks for all of the help.
Free Windows Admin Tool Kit Click here and download it now
October 19th, 2012 7:02pm

Hi, Thanks for your response. For your first option--I tried storing an attribute to indicate whether a user should be provisioned or not, but it didn't seem to work. I put a filter on the Inbound Sync rule to only apply to users with a status of 'A' and had "create in FIM" selected but it still created everyone in the portal. (I also tried creating an additional SR for users without a status of 'A' with "create in FIM" unchecked, but they got created too.) Was that the wrong approach? Should the filter be done elsewhere? I wasn't thinking two FIM MAs, I was thinking of two HR MAs, but my experiments there led to the same results. If a person object is in the MV and there's a sync rule ot bring person objects to the portal, even if it has an inbound scoping filter, the person got created in the portal. I appreciate your help. Thanks, Sami
October 29th, 2012 6:49am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics