An Azure MFA Management Agent for User MFA Reporting using Microsoft Identity Manager

Microsoft as part of the uplift in Authentication Methods capability have extended the Graph API to contain User Azure MFA information. My customers have been requesting MFA User Reporting data for some time. How many users are registered for Azure MFA? What and how many methods are they registered with? The new Graph API functions provide this information and we no longer have to use the legacy MSOLUser PowerShell cmdlet to obtain the strongAuthenticationMethods information. The new API’s provide;

Azure MFA User Reporting Management Agent

With this new functionality exposed, I’ve built an Azure MFA Management Agent for Microsoft Identity Manager to consume information from the credentialRegistrationDetails API, which can then be used in Identity Workflows to trigger notifications to users that don’t have enough registered methods (e.g.… [Keep reading] “An Azure MFA Management Agent for User MFA Reporting using Microsoft Identity Manager”

Automated Microsoft Identity Manager Configuration Backups & Documentation to Azure

Two and half years ago I wrote this post on creating an Azure Function to trigger the process of Automating Microsoft Identity Manager Configuration backups. The Azure Function piece was a little obtuse. I was using it, as it was the “new thing” and it was my new hammer. And everything was a nail. The reality is that the rest of the process is completely valid (nightly backups of your development Identity Manager configuration).… [Keep reading] “Automated Microsoft Identity Manager Configuration Backups & Documentation to Azure”

A Rudimentary RACF Management Agent for Microsoft Identity Manager

A RACF Management Agent for Microsoft Identity Manager ? Isn’t there one in the box? No. Host Integration Management Agents were deprecated when Microsoft released Forefront Identity Manager as the successor to Identity Lifecycle Manager (ILM). I understand it was partly due to lack of demand for the integration, and the reliance on Host Integration Server (HIS) along with the move in operating system support 32-bit (in ILM) to 64-bit (in FIM). With ILM integration with Host Systems via HIS you were required to map out the key sequences anyway.… [Keep reading] “A Rudimentary RACF Management Agent for Microsoft Identity Manager”

Microsoft Identity Manager PowerShell Management Agent for Oracle Internet Directory

Why a FIM/MIM PowerShell Management Agent for Oracle Internet Directory? Why not just use the Generic LDAP Connector for Microsoft Identity Manager? I needed an integration solution that was able to update an Oracle Database behind Oracle Internet Directory. That meant I required a solution that was able to use LDAP to get visibility as to who/what was in OID, but then make updates into an Oracle DB. That functionality I wanted to be contained on a single Management Agent, not an MA for the Database and another for LDAP.… [Keep reading] “Microsoft Identity Manager PowerShell Management Agent for Oracle Internet Directory”

Configuring the Lithnet REST API for the FIM/MIM Service post MIM Version 4.4.x.x

Last year I wrote this post on installing and configuring the Lithnet REST API for the FIM/MIM Service and integrating it with Azure API Management.

This week on a fresh installation of Microsoft Identity Manager with SP1 I was installing the Lithnet REST API for the FIM/MIM Service and was getting errors from the WCF Web Service finding the correct version of the Microsoft.ResourceManagement.dll.

Error finding Microsoft.ResourceManagement DLL.PNG

After a little troubleshooting and no progress I recalled Kent Nordström posting the following tweet last month.… [Keep reading] “Configuring the Lithnet REST API for the FIM/MIM Service post MIM Version 4.4.x.x”

Error: Failed to connect to the specified database when creating a Microsoft Identity Manager Service MA

Last week I was installing Microsoft Identity Manager into a development environment. The install was using Microsoft Identity Manager 2016 with SP1 and was version 4.5.285.0. The install had gone well, SQL, Synchronisation Server, MIM Service and Portal etc. I had even created a couple of Management Agents. However when it came time to create the Microsoft Identity Manager Service MA, the Synchronisation Server returned the error “Failed to connect to the specified database”.

Failed to connect to the specified database.PNG

Jumping over to the Event Log I found the error below.… [Keep reading] “Error: Failed to connect to the specified database when creating a Microsoft Identity Manager Service MA”

Error 25009 HResult 0x80131700 when installing Microsoft Identity Manager

This week I was installing Microsoft Identity Manager in a new environment and wasn’t using my usual scripts that semi automate the process. During the installation of the Microsoft Identity Manager Synchronization Service I got the Error 25009 HResult 0x80131700 as shown below.

As mentioned above I normally do this semi-automated but this time I was updating a bunch of that so was starting with a fresh install on a Windows Server 2016 host.

Note: Windows Server 2019 isn’t an officially supported platform currently.… [Keep reading] “Error 25009 HResult 0x80131700 when installing Microsoft Identity Manager”

SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager

Last week I posted a SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager. Today I’m posting a sister for it, an IdentityNow Governance Groups Management Agent.

I’ve posted about Governance Groups before. See Managing SailPoint IdentityNow Governance Groups via the API with PowerShell. That post details creating and managing Governance Groups via the API.

This Management Agent is essentially the enumeration of Governance Groups in IdentityNow via API wrapped up in a PowerShell Management Agent.… [Keep reading] “SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager”

SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager

This is the first post in a series where I will provide a number of base-level Management Agents for Microsoft Identity Manager to integrate with SailPoint IdentityNow. Whilst the two products have areas of competing/equivalent functionality there are other aspects where integration of the two compliment each other. Whilst that is not the purpose of this post, through the series of upcoming posts it will be relatively easy to extrapolate how the two products can happy co-exist and orchestrate each other for certain functions.… [Keep reading] “SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager”

Using Invoke-WebRequest calls within a Granfeldt PowerShell MA for Microsoft Identity Manager

If you use PowerShell extensively you should be familiar with the Invoke-RestMethod cmdlet and the ability for PowerShell to call API’s and receive information. The great thing about Invoke-RestMethod is the inbuilt conversion of the results to PowerShell Objects. However there are times when you need the raw response (probably because you are trying to bend things in directions they aren’t supposed to be; story of many of my integrations).

From within Granfeldt PowerShell Management Agent script(s) that use Invoke-WebRequest calls, these will in turn leverage the Internet Explorer COM API on the local machine.… [Keep reading] “Using Invoke-WebRequest calls within a Granfeldt PowerShell MA for Microsoft Identity Manager”