In this post I will show how to attach an HR data source to the FIM Sync Service, and then import data about employees into the FIM Portal.
This post assumes you already have FIM installed, and have created the FIM Management Agent.
Create the HR Management Agent
|The aim is to create a management agent for your HR data source. In this example I’m using a SQL database, but it could equally be CSV, SAP, Oracle or something else. The product Help tells you how to configure the prerequisites for each of these MA types.|
|We’re going to use a codeless sync rule to import data, so we don’t need a join or projection rule here.If you’re not using the Portal,you will need to configure this tab – see Creating a Management Agent|
|If using codeless sync you can also leave the flow rules blank for now, though you may find you need to revisit this tab if you want to created Advanced flow rules that aren’t currently possible with codeless. Note that it’s fine to use a combination of codeless and coded rules. See Advance Attribute Flow Rules.|
Create the Import Sync Rule
|Now go into the Portal and open the Synchronization Rules page from under the Administration menu. Create a new Inbound Sync Rule.|
|The rule matches an external object type with a Metaverse object type, via the selected MA.|
|On this page we specify how to identify that an object in the external system matches an object in the Metaverse. In this case we’ll use the employeeID, which we will also be flowing from this source.
Note I’ve also ticked “Create resource in FIM” which will cause an object to be automatically provisioned into the connector space of the FIM MA, ready to export to the FIM Portal.
|Finally we specify our import flow rules, which should be pretty self-explanatory. It’s a good idea to make use of functions such as Trim and ProperCase to make sure that your data comes into the Metaverse in a fairly consistent state. Also be very sure to flow in the identifying attribute you specified in the form above!|
|If you need extra Metaverse attributes to import your data to then you will have to go back to the Synchronization Service GUI and modify the Metaverse schema.|
Configure the Metaverse -> Portal Flows
|This is where it gets a bit odd. We’ve created HR -> Metaverse flow rules using a codeless Sync Rule created in the Portal, but to get the data from the Metaverse into the Portal itself we actually have to use old-style MA rules.
In The Synchronization Service GUI, open the properties of the FIM MA and open the Configure Attribute Flow page.
|Add the Export flow rules that will copy data from the Metaverse to the Portal.
If you need extra attributes in the Portal for your HR data then see then see this document on the Portal schema. You will need to refresh the schema on the MA, and select the new attributes in the Attributes tab before they will be available for the flow rules.
|To avoid permissions problems when your export data to the Portal, check the MPR “Synchronization: Synchronization controls users it synchronizes” and make sure that the account used by the Sync Service has the rights to update all required attributes. It’s easy to just give the Sync Service rights to all user attributes in this MPR, but it depends on your requirements and security rules whether you’d do this.|
Create the Run Profiles
|Create Import and Sync run profiles for the HR MA. Here I’ve created a single-step “Full Import and Full Sync” run profile.|
|For the FIM MA I need Import/Sync and Export run profiles.|
Finally – Make something happen!
|The first job you need to run is the Import/Sync on the FIM MA. In a freshly installed system you should see three objects being projected into the Metaverse. Inspecting these objects shows them to be the Administrator user, the Built-In Synchronization user, and the HR Import Sync Rule we created above.|
|Now you can Import/Sync the HR MA. You should see objects being projected into the metaverse, and also provisioned as Adds into the FIM MA. If you inspect some of these objects in the Metaverse you should see them populated with attributes from the HR data source.|
|Finally you are ready to export your HR data to the Portal.
Various errors can happen here, and they will mostly be connected to Portal schema (particularly check the Validation tabs in both attribute and binding definitions) or Portal permissions (check MPRs that apply to the Built-In Synchronization accout).
If you see nice “Adds” counting up here then things are good, and you’ll find users defined in the Portal. It may not be quick though – the first load of data into the Portal is not the most performant part of this platform.
11 Replies to “FIM Walkthroughs – Import data from HR to the FIM Portal”
Thanks for this, it’s been very helpful!
I’ve followed this and get data into the MV now from our CDS, but can’t get it into FIM from the MV. The difference I have is that I’ve modified an MA we have currently for Export and made it Import and Export capable. Because we have export already, it was quite simple to modify the sync rule with the inbound attributes and of course we already had the schema defined.
When running the custom MA, we get the following results:
Filtered Disconnectors: 0
Connectors with Flow Updates: 0
Connectors without Flow Updates: 10
Filtered Connectors: 0
Deleted Connectors: 0
Metaverse Object Deletes: 0
Outbound Synchronization – FIM Service MA:
Export Attribute Flow: 10
Provisioning Adds: 10
Provisioning Disconnects: 10
I’m expecting 10 objects to make it into FIM out of all that, but don’t, and don’t know why. I’m learning FIM as I go… Help!
So you have ten objects in your FIM MA by the looks of things – that is a good sign. What happens when you run an Export on the FIM MA?
Have you been through this doc? http://technet.microsoft.com/en-us/library/ff686264(WS.10).aspx
First off thanks for the blog I keep getting a little further each day! 🙂
I am extremely new to FIM… 3 weeks of experience. I have Live@EDU and FIM setup (with a POC from Microsoft) and it is provisioning the email accounts on the live@edu side. I have been given the task to get the users now from Student Information System to FIM so the provisioning can happen in AD which will result in the previous FIM to Live@EDU….. The stuednt inform. guru has a SQL Server View setup, which I have connected a SQL MA. This seems to be successfully populating the Metaverse. I am now following your post to get the Synronization rules setup…. however on the “Create Synchronization Rule” screen >> Scope Tab… the drop downs are empty? I was assuming the FIM MA pulled the “Person or Group” option into the metaverse for these dropdowns?
I am not really sure what I am missing??? Directions to the insane assylum?
you got me in the middle of an international move so I’m behind on emails etc. Did you sort this out? I know there’s a good article about troubleshooting sync rules in the FIM technet wiki.
No I have not been able to resolve this yet. However I will take you suggestion and see what I can find on Technet WIKI! Thanks.
I have one doubt and I think this is good place to clarify it.
I have seen that in some of the management agent only Export Attribute Flow is configured but there profile is configured as “Export, Delta Import and Delta Synch”.
So my question is why do we need “Delta Import and Delta Synch” profile if only Export operation is performing for all attributes.
An export should always be followed by an import as this is the only way FIM can confirm the export was successful. If you only have export flow rules however you don’t need to do the sync.
Hi Carol, thanks for writing this up. i was able to get this working in one lab, but for some reason I can’t get it to work again in a different environment. When I sync the FIMMA I have a problem:
When I do a preview of the flow error
– I have 2 conditions that say “No Match”
I can sync my HRMA, but while I get the objects add everything list under disconnectors.
Any ideas what might be wrong?
What attributes are you flowing for the SynrRule object in the FIM MA? Is there any chance one of them could have been deleted?
Hi Carol – thanks for the reply. I have my issue fixed. I did not use the correct account to create my MA so I didn’t have permissions.
Comments are closed.