As much as possible I like to keep my Workflows simple with a minimum number of steps. When updating attributes I prefer, wherever possible, to only update a single attribute per Workflow Definition. So for example I’ll have separate Workflows for “Set DisplayName” and “Set AccountName” rather than rolling the two together in a single…
Category: Workflow
FIM Best Practice: Separate Grants Permission from Workflow MPRs
MPRs should either have “Grants Permission” ticked, or they should trigger Workflows, but preferably not both.
FIM Best Practice: Sort out errors
Both in the Sync Service and the Portal there may be regular error messages that we just live with. We’ve figured out they’re “low priority” or perhaps they’re false alerts, where FIM thinks there’s an error but the end result is fine. However, as much as possible, we should aim for a system that runs…
Rewriting my GenerateUnique activity as a PowerShell script
The first custom workflow activity I wrote was one to select a unique value from a list of possible values placed in WorkflowData variables. I’ve now re-written this as a PowerShell script to use with the open source FIM PowerShell activity. The script here just checks against the Portal, but it would be a simple…
Having a play with Craig Martin’s FIM PowerShell Activity
I’ve been wanting to explore the possibilities of Craig Martin’s FIM PowerShell Workflow Activity for a while, and now my lab is out of its TechEd bubble-wrap I can get back to play. In this post are a couple of extra steps I had to take to get it working on R2. I’ll post sample scripts…
Archiving Requests and Approvals by Email
I just had a request to do with auditing activity in the FIM Portal, and as the solution was quite neat and easy to implement I thought I’d share it. The security team need to archive information about who makes changes in AD and other applications, and now they need to be able to audit…
A Script to make FIM Policy “Self-Documenting”
There’s an ongoing problem with maintaining a system that has all the configuration possibilities of FIM. Documentation is usually out of date the moment it’s written and it’s a cumbersome way to try and understand a system anyway. One thing that can at least make your Policy configuration a bit easier to understand is to…
A best practice for MPRs – separate Grants Permission from Workflow
In my current project I’ve created around 40 Workflows and over 80 MPRs – and this is just phase one! In an effort to keep things tidy I’ve been using naming conventions and a consistent design approach, and one thing I found myself doing was separating MPRs that grant permissions from MPRs that run Workflows.
Authorization after an Action
Something that has come up from time to time on the FIM forum is the need to trigger an AuthZ workflow based on some change made by an Action workflow (or by the Sync Service). This is not possible in the FIM Service today and I don’t see any evidence that it will be possible in the…
Event Broker for FIM 2010
Unify Solutions have a bunch of great add-on products for FIM 2010 and, now I’m working here, I have a chance to find out more about them. The first one I’ve been playing with is the FIM Event Broker, which is essentially a task scheduler for FIM Sync, with all sorts of great features like…