What’s FIM all about?

Agenda
• What is FIM
• Why are we implementing FIM
• How is FIM related to Office 365
• What will FIM do
• How does FIM differ from ILM (current solution)
• What does FIM mean to administrators
• What does FIM mean to users
• When will FIM be implemented

What is FIM?
• Microsoft Forefront Identity Manager
• Identity Management
  • Applies business rules to provision and de-provision BLUE Accounts
  • Recognizes HRMS, Banner, and Guest table as authoritative source systems
  • Manages accounts for alumni and retirees
  • Manages email address lifecycle
  • Better manages guest accounts with and without email

Why are we implementing FIM
• Product upgrade to ILM
• Has been running at CU for over 3 years
• Office 365 required changes to accounts in AD
• Fixes logic in ILM that never worked
• Better manages the deletion of abandoned accounts
• Adds functionality that was not included in ILM
• Centralizes logic in FIM
• Simplifies complex licensing requirements from Microsoft
• Enables the University to offer email to alumni and retirees

How is FIM related to Office 365
• Office 365 requires accounts to be configured in a specific way
• FIM writes and manages attributes in AD required for Office 365
• FIM and Office 365 can exist without each other
• FIM streamlines management of AD accounts, Microsoft licensing, and mailbox management
• Students have migrated to Office 365 without FIM, but we did have to make manual adjustments to accounts to make this work.
• These manual adjustments could not be managed long-term
• FIM makes it easier to manage accounts in the manner required by Office 365

What will FIM do?
• Primarily FIM creates, manages, disables and deletes AD accounts in accordance with business rules.
  • Creates hidden accounts for accepted students
  • Unhides accounts when a student enrolls
  • Maintains student accounts based on Banner data
  • Manages guest accounts based on start and end date
  • Manages employee accounts based on HRMS data
  • Manages all changes to students, employees, and guests
• Maintains specific attributes required by Office 365

How does FIM differ from ILM
• ILM is fed by three ‘feeds’ so it does not know if a person is both a student and employee
• FIM is fed by a single ‘feed’ with data about students, staff, and guests
• ILM’s logic is contained in ILM and in the ‘feeds’ it gets from HR, Banner, and Guests
• FIM’s logic is contained within FIM
• FIM will do the same things that ILM does, just better

What does FIM mean to administrators?
• ILM created new users in the MigratedUsers OU and administrators could move the account to their own OUs
• Resulting in user objects spread inconsistently across the AD
• FIM will move and create all users in the UserObjects OU
• Microsoft best practice for AD management
• Group Policy Objects applied to user accounts must be updated
• GPOs applied to computer objects will not be affected
• All other AD permissions and clean up have nothing to do with FIM

What does FIM mean to users?
• FIM will handle changes to users much better than ILM
• Ex. When someone changes their name with HR, the name change will be processed by FIM and a new email address will automatically be created
• Manages the AD account throughout all stages in the lifecycle of a user
• FIM allows alumni and retirees to keep their AD accounts
• FIM allows for email addresses to be tied to an individual just like NetID
• If a former student comes back to CU years later as a faculty member they will get their same email address

When will FIM be implemented?
• Soon
• We are in the final stages of testing
• Project started last Fall
• We had hoped to get FIM turned on in time for graduation
• Admissions offices and Alumni offices create unique challenges on the activation of FIM
• Once FIM is live all new accounts will be created with mailboxes in the ‘cloud’

Q&A
• Any questions?