It's time to get your head out of the clouds!

For those of you who know me, you are probably thinking “Why on earth would we be wanting to get our heads out of the ‘Cloud’ when all you’ve been telling me for years now is the need to adopt cloud!”
This is true for the most part, but my point here is many businesses are being flooded by service providers in every direction to adopt or subscribe to their “cloud” based offering; furthermore, ICT budgets are being squeezed, forcing organisations into SaaS applications.…

How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports

Introduction

I’ve been working on a project where I must have visibility of a large number of Azure AD Groups into Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API. I’ve detailed that before in this post How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries. Due to the number of groups and the number of members in the Azure AD Groups I needed to implement Paged Imports on my favourite PowerShell Management Agent (Granfeldt PowerShell MA).…

Introduction to MIM Advanced Workflows with MIMWAL

Introduction

Microsoft late last year introduced the ‘MIMWAL’, or to say it in full: (inhales) ‘Microsoft Identity Manager Workflow Activity Library’ – an open source project that extends the default workflows & functions that come with MIM.
Personally I’ve been using a version of MIMWAL for a number of years, as have my colleagues, in working on MIM projects with Microsoft Consulting. This is the first time however it’s been available publicly to all MIM customers, so I thought it’d be a good idea to introduce how to source it, install it and work with it.…

Setting up your SP 2013 Web App for MIM SP1 & Kerberos SSO

I confess: getting a Microsoft product based website working with Kerberos and Single Sign On (i.e. without authentication prompts from a domain joined workstation or server) feels somewhat of a ‘black art’ for me.
I’m generally ok with registering SPNs, SSLs, working with load balancing IPs etc, but when it comes to the final Internet Explorer test, and it fails and I see an NTLM style auth. prompt, it’s enough to send me into a deep rage (or depression or both).…

ADFS v 2.0 Migration to ADFS 2016

Introduction
Some organisations may still have ADFS v2 or ADFS v2.1 running in their environment, and haven’t yet moved to ADFS v3. In this blog, we will discuss how you can move away from ADFS v2 or ADFS v2.1 and migrate or upgrade to ADFS 2016.
In previous posts, Part 1 and Part 2, we have covered the migration of ADFS v3.0 to ADFS 2016. I have received some messages on LinkedIn to cover the migration process from ADFS v2 to ADFS 2016 as there currently isn’t much information about this.…

Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration

Last week in a customer development environment I had one of those oh shit moments where I thought I’d lost a couple of weeks of work. A couple of weeks of development around multiple Management Agents, MV Schema changes etc. Luckily for me I was just connecting to an older VM Image, but it got me thinking. It would be nice to have an automated process that each night would:

  • Export each Management Agent on a FIM/MIM Sync Server
  • Export the FIM/MIM Synchronisation Server Configuration
  • Take a copy of the Extensions Folder (where I keep my PowerShell Management Agents scripts)
  • Export the FIM/MIM Service Server Configuration

And that is what this post covers.…

How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent

Introduction

In the last 12 months I’ve lost count of the number of PowerShell Management Agents I’ve written to integrate Microsoft Identity Manager with a plethora of environments. The majority though have not been of huge scale (<50k objects) and the import of the managed entities into the Connector Space/Metaverse runs through pretty timely.
However this week I’ve been working on an AzureAD Groups PS MA for an environment with 40k+ groups. That in itself isn’t that large, but when you start processing Group Memberships as well, the Import process can take an hour for a Full Sync.…

WAP (2012 R2) Migration to WAP (2016)

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In Part 3 we have discussed the integration of Azure MFA with ADFS 2016, and in this post (technically Part 4) we will cover the migration, or better yet upgrade, of WAP 2012 R2 to WAP 2016.
Again, this blog assumes you already have installed the Web Application Proxy feature while adding the Remote Access role.…

How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries

Introduction

In August 2016 I wrote this post on how to use PowerShell to leverage the Microsoft GraphAPI and use Differential Queries. The premise behind that post was I required a Microsoft Identity Manager Management Agent to synchronize identity information from AzureAD into Microsoft Identity Manager. However the environment it was intended for has a large AzureAD implementation and performing a Full Sync every time is just too time consuming. Even more so with this limitation that still exists today in MIM 2016 with SP1.…

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In this series we will continue our venture in configuring Azure MFA in ADFS 2016.
Azure MFA – What is it about?
It is a bit confusing when we mention that we need to enable Azure MFA on ADFS. Technically, this method is actually integrating Azure MFA with ADFS. MFA itself is authenticating on Azure AD, however, ADFS is prompting you to enter an MFA code which will be verified with the Azure AD to sign you in.…