A modern way to track FIM/MIM Attribute Value History utilizing Power BI

Introduction

Microsoft Identity Manager is fantastic for keeping data consistent between connected systems. Often, however, you want to know what a previous value of an attribute was. FIM/MIM can only tell you the current value, the Management Agent it was received on, and when.
In the past, where I’ve had to provide a solution to either make sure an attribute has a unique value forever (e.g. email address or loginID (don’t reuse email addresses or loginIDs)) or just provide attribute value history, I’ve used two different approaches:

  • Store previous values in an SQL Table and have an SQL MA that flows out the values
  • Store historical values in a Multi-Valued attribute on the user object in the Metaverse

Both are valid approaches but often fall down when you want to quickly get a report on that metadata.…

A quick start guide for Deploying and Configuring Node-RED as an Azure WebApp

Introduction

I’ve been experimenting and messing around with IoT devices for well over 10 years. Back then it wasn’t called IoT, and it was very much a build it and write it yourself approach.
Fast forward to 2017 and you can buy a microprocessor for a couple of dollars that includes WiFi. Environmental sensors are available for another couple of dollars and we can start to publish environmental telemetry without having to build circuitry and develop code.…

Validate Your Authoritative Sources – Creating a Fuse for FIM/MIM Import and Sync run cycles

Introduction

The Microsoft Identity Manager Synchronisation Engine has been around for close to 20 years and is highly functional and very reliable.
The Achilles heel, though, for any IDAM Sync Engine will always be an authoritative source and the information it provides to the Sync Engine.
I’m seeing more and more SaaS services being used as the Authoritative Source for identity management systems. Think SuccessFactors and Workday. Connecting to these across the internet, the rate of change within organisations, the amount of change data I’m seeing, and the common human factor of changes made en masse all mean it is even more important to validate your import feeds before processing them through your Sync Engine’s business logic.…

Getting started developing Custom Actions for the Google Assistant (Home)

Introduction

Whilst I was in the USA recently I bought myself a Google Home. My home already had Hue Lights, Chromecast on a couple of TVs and I’m a big user of Spotify (Premium). It was very quick to get it up and running and doing simple tasks, but I started thinking about what custom things I could get it to do. Could I get it to call a custom/private API to get some information and let me know the result?…

Enabling and using Managed Service Identity to access an Azure Key Vault with Azure PowerShell Functions

Introduction

At the end of last week (14 Sept 2017) Microsoft announced a new Azure Active Directory feature – Managed Service Identity. Managed Service Identity helps solve the chicken and egg bootstrap problem of needing credentials to connect to the Azure Key Vault to retrieve credentials. When used in conjunction with Virtual Machines, Web Apps and Azure Functions that meant having to implement methods to obfuscate credentials that were stored within them. I touched on one method that I’ve used a lot in this post here whereby I encrypt the credential and store it in the Application Settings, but it still required a keyfile to allow reversing of the encryption as part of the automation process.…

Display Microsoft Identity Manager Sync Engine Statistics in the MIM Portal

Introduction

In the Microsoft / Forefront Identity Manager Synchronization Service Manager under Tools we have a Statistics Report. This gives a breakdown of each of the Management Agents and the Connectors on each MA.
I had a recent requirement to expose this information for a customer but I didn’t want them to have to connect to the Synchronization Server (and be given the permissions to allow them to). So I looked into another way of providing a subset of this information in the MIM Portal itself.…

Quickly creating and using an Azure Key Vault with PowerShell

Introduction

A couple of weeks back I was messing around with the Azure Key Vault looking to centralise a bunch of credentials for my ever-growing list of Azure Functions that are automating numerous tasks. What I found was that getting an Azure Key Vault set up and getting credentials in and out was a little more cumbersome than I thought it should be. At that same point via Twitter this tweet appeared in my timeline from a retweet.…

Configuring Remote PowerShell to a Remote Active Directory Forest for FIM/MIM GalSync

Introduction

Windows Remote Management (aka Remote PowerShell) is a wonderful thing; when it works straight out of the box when you’re in the same domain. Getting it working across Forests though can feel like jumping through hoop after hoop, and sometimes like the hoops are on fire. When configuring GALSync ([Exchange] Global Address List Synchronisation) with FIM/MIM this always means across AD Forests. The graphic below shows the simplest relationship. If there is a firewall(s) in between then you’ll have additional hoops to jump through.…

Receive Push Notifications from Microsoft Identity Manager on your Mobile/Tablet/Computer

Background

Recently in a FIM/MIM environment a daily automated process was executing but the task it was performing was dependent on an upstream process that generates a feed, and the schedule for that feed had changed (without notice to me). Needless to say FIM/MIM wasn’t getting the information it needed to process. This got me thinking about notifications.
If you’re anything like me you probably have numerous email accounts and your subconscious has all but programmed itself to ignore “new email” notifications.…

Creating an AzureAD WebApp using PowerShell to leverage Certificate Based Authentication

Introduction

Previously I’ve posted about using PowerShell to access the Microsoft AzureAD/Graph API in a number of different ways. Two such examples I’ve listed below. The first uses a Username and Password method for Authentication, whilst the second uses a registered application and therefore ClientID and Client Secret.

As time has gone on I have numerous WebApps doing all sorts of automation.…