The Next Version of Forefront Identity Manager Is Coming in 2015

There has been a lot of speculation about the next version of Microsoft Forefront Identity Manager.  For those who follow Microsoft’s product roadmaps, a number of Forefront products have been cancelled by Microsoft.  Here is a brief list:

  • Forefront Protection 2010 for Exchange
  • Forefront Protection 2010 for SharePoint
  • Forefront Security 2010 for Office Communication Server
  • Forefront Threat Management Gateway 2010
  • Forefront Unified Access Gateway 2010

Other products in the Forefront family have been renamed and have become a more integrated part of another product. …

Moving Dirsync Between Active Directory Forests

With the ever-growing popularity of Office 365 it’s no surprise that situations are starting to pop up where organizations want to move Dirsync between forests. A recent example of this was a customer who divested from a parent company, leading to an inter-forest migration using the traditional ADMT tool set. Consequently, directory synchronization (version 2.0) also had to be moved between forests. The good news is that this IS possible, despite a fair amount of web content to the contrary.…

DirSync and Distribution Group Self Service Management

If you’re an Office 365 Exchange Online customer currently using Directory Synchronization (DirSync) to synchronize an on-premises Active Directory with Azure Active Directory, you’ll be all too familiar with the limitations imposed on the management of distribution group membership. Namely, an Exchange Online user specified as the owner of a distribution group will not be able to manage the membership of that group through the standard Outlook Address Book interface, as detailed here.

In the background, if we think about this in relation to DirSync functionality, the group is being pushed from the on-premises Active Directory to Azure Active Directory in a one-way sync.…

Protect Your Identity in the Cloud With Multi-Factor Authentication

Multi-factor authentication is now available for both administrator and end-user accounts. The service is available in Office 365, Windows Intune, and Microsoft Azure.

One of the risks of cloud technologies is that they are accessible from anywhere. This means that any hacker can try to log into your account from anywhere in the world. User names are usually public and widely known (i.e. an email address). The only thing standing between the hacker and your personal data is a password. …

The FIM User Experience

A recent post by my colleague Jamie Skella, “What UX Isn’t”, started me thinking about how UX applies to FIM. Throughout my career as an Identity Management Consultant, I’ve seen projects reach a point in maturity where stakeholders are walked through the tasks an admin or user will perform in the portal, and the average eyebrow height in the room rises exponentially.

Those of us who have worked with Microsoft’s identity products for a while are used to seeing the glitz and glamour of the Sync Engine console, previously the only interface available with the product, so when the FIM Portal was introduced with FIM 2010 it gave a “user friendly” interface to work with.…

Windows Azure Active Directory Self Service Password Reset

Microsoft has recently released an enhancement to its Windows Azure Active Directory (WAAD) offering. This enhancement enables end users to perform self-service password resets in the case of a forgotten password. Previously this function was available to administrative accounts only.

WAAD self-service password reset (SSPR) is a premium offering, requiring Premium Features to be enabled for the WAAD.

Once WAAD Premium Features are enabled, the User Password Reset Policy can be edited and SSPR enabled. In the initial release, enabling SSPR enables it for all WAAD user accounts.…

FIM Case Study: Trying to achieve a 100% Declarative (or “Codeless”) Architecture

When it comes to Microsoft’s Forefront Identity Manager (FIM), I sometimes run into ‘religious arguments’ with fellow FIM consultants about the ‘correct’ or ‘right’ way to architect FIM to implement identity business rules in a brand new FIM architecture. Typically the argument arises at the very start of a project, over whether to base the FIM code base on ‘classical’ rules extensions written in VB.NET or C#, or to try to use FIM R2’s Management Policy Rules (MPR), Sets, Sync.…

PowerShell Deployment of Web Application Proxy and ADFS in Under 10 Minutes

===========================================================================
Updated 10 September 2013: tested with Windows 2012 R2 RTM; the script functions as it did in R2 Preview. The Outlook Anywhere bug in the Preview code has been fixed and Outlook now works with RTM. Updated the script to correct the Autodiscover ExternalURL.
===========================================================================

In this post I will discuss deploying a highly available Windows 2012 R2 Preview ADFS and Web Application Proxy solution using only PowerShell. This was done as a proof of concept to compare the time taken, as well as the complexity, to build and configure a reverse proxy solution to replace a UAG 2010 array.…

Microsoft FIM: Working with Domino Connector v8

We don’t always work with the ‘latest’ or ‘bleeding edge’ software here at Kloud, and occasionally we Identity Management consultants have to delve into the past and use some knowledge once thought lost from the world. Okay, so it’s not that bad, but I did find myself having to work with IBM Domino Server version 8 and FIM R2’s ECMA-based Lotus Domino Management Agent (or ‘Connector’ in the new language) for a bi-directional sync between Domino and Active Directory (Exchange, Lync etc.).…

AD FS and self-signed Token-Signing certificates

AD FS uses Token-Signing certificates to digitally sign the security tokens generated by the service. This signature provides evidence that a security token has not been modified in transit. The public key of the Token-Signing certificate is provided when a federation trust is established, so that the application or service receiving a signed security token can verify the signature.

Recently a Kloud client raised a query about the use of a self-signed certificate versus a commercial certificate from a public certificate authority for the AD FS Token-Signing certificate.…