- Reduces helpdesk costs
- Improves compliance outcomes
- Increases user productivity and satisfaction

New in FIM 2010 R2 Self-Service Password Reset:
- Enhanced knowledge-based authentication
- SMS authentication
- Email authentication
- Portal customization
- Programmatic registration
- Streamlined deployment
Deployment topology (diagram labels only): Reverse Proxy, FIM Service, Active Directory, FIM Admin
Configure SSL
Localization
Password Reset & Registration Portals, FIM Password Reset Extensions: 33 languages
  Bulgarian, Chinese (Simplified), Chinese (Traditional), Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hindi, Hungarian, Italian, Japanese, Latvian, Lithuanian, Norwegian (Bokmal), Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian

FIM Portal and Service: 19 languages
  Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Korean, Norwegian (Bokmal), Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish, Turkish
Optionally: modify the workflow configuration to use the new and improved gates.

Gate and considerations:
- QA Gate: usability of questions with sufficient security
- OTP SMS Gate: users with SMS-capable mobile phones; requires a contract with, and integration with, an SMS service provider
- OTP Email Gate: users with email accounts not secured by the organizational password; access to the email account; compliance with organizational security policies
User experience and how to achieve it:
- User enters mobile phone number and/or email address
  -> Configure the gate to be Read-Write (default)
- User sees mobile phone number and/or email address, and can edit this data inline with the registration user experience
  -> Configure the gate to be Read-Write; set the value of the user's OTPMobilePhone and/or OTPEmailAddress (e.g., via workflow, PowerShell)
- User sees mobile phone number and/or email address, but cannot edit it inline
  -> Configure the gate to be Read Only; set the value of the user's OTPMobilePhone and/or OTPEmailAddress (e.g., via sync)
Registration test cmdlet: returns true if the specified user is registered for the specified workflow, otherwise returns false. Parameters: UserName, AuthenticationWorkflowName
Scenario: Organization has an existing business process that collects all data needed for password reset
Goal: Register existing and new users for FIM Password Reset without user interaction
Approach:
- Existing users: write a script to get data from the target system, and use this data to register users for FIM Password Reset
- New/modified users: script or code to invoke the cmdlet when a user is created or has new data

Automated deregistration
Scenario: Organization wants users to periodically re-register for FIM Password Reset
Goal: Cause users to be prompted for re-registration on a defined schedule
Approach:
- Implement a process to identify users who are targeted for re-registration
- Write a script to deregister targeted users
- Schedule periodic execution of that script
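The automated deregistration approach above, as an added PowerShell example that is not part of the deck: identify targeted users, confirm each is registered using the test cmdlet whose parameters (UserName, AuthenticationWorkflowName) the slide documents, deregister, keep an audit log, and schedule the run. The cmdlet names Test-AuthenticationWorkflowRegistration and Unregister-AuthenticationWorkflow, the default workflow name "Password Reset AuthN Workflow", and the use of the AD attribute extensionAttribute1 as the store of each user's last registration date are assumptions; verify the first two against the FIM 2010 R2 cmdlet reference and substitute your own targeting source for the third.

```powershell
<#
Added example, not from the deck. Deregisters users whose SSPR registration is
older than a policy window so that they are prompted to re-register.
Assumptions (hypothetical unless stated on the slide):
  - Test-AuthenticationWorkflowRegistration (its UserName and
    AuthenticationWorkflowName parameters are on the slide) and
    Unregister-AuthenticationWorkflow are the FIM 2010 R2 password reset
    cmdlets; verify the names in the cmdlet reference.
  - "Password Reset AuthN Workflow" is the default workflow display name.
  - The last registration date is kept in extensionAttribute1 as an ISO-8601
    string; this stands in for "users targeted for re-registration".
#>
param(
    [string]$WorkflowName = "Password Reset AuthN Workflow",
    [int]$MaxAgeDays = 180,
    [string]$LogPath = (Join-Path $env:TEMP "sspr-deregistration.csv"),
    [switch]$ReportOnly   # list candidates without deregistering anyone
)

Import-Module ActiveDirectory
$cutoff  = (Get-Date).AddDays(-$MaxAgeDays)
$netbios = (Get-ADDomain).NetBIOSName

# Step 1: identify targeted users (enabled accounts registered before the cutoff)
$targets = Get-ADUser -Filter { Enabled -eq $true } -Properties extensionAttribute1 |
    Where-Object {
        $_.extensionAttribute1 -and
        ([datetime]::Parse($_.extensionAttribute1) -lt $cutoff)
    }

# Step 2: deregister each target, recording the outcome per user
$results = foreach ($u in $targets) {
    $user = "{0}\{1}" -f $netbios, $u.SamAccountName
    $registered = Test-AuthenticationWorkflowRegistration -UserName $user `
                      -AuthenticationWorkflowName $WorkflowName
    if (-not $registered) {
        [pscustomobject]@{ User = $user; Action = "skipped (not registered)"; Time = Get-Date }
        continue
    }
    if ($ReportOnly) {
        [pscustomobject]@{ User = $user; Action = "would deregister"; Time = Get-Date }
        continue
    }
    try {
        Unregister-AuthenticationWorkflow -UserName $user -AuthenticationWorkflowName $WorkflowName
        [pscustomobject]@{ User = $user; Action = "deregistered"; Time = Get-Date }
    } catch {
        [pscustomobject]@{ User = $user; Action = "failed: $($_.Exception.Message)"; Time = Get-Date }
    }
}

# Step 3: keep an audit trail; the helpdesk needs it when a deregistered user calls in
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Format-Table -AutoSize

# Step 4: schedule the script (run once from an elevated prompt; path and account are placeholders)
#   schtasks /Create /SC WEEKLY /D SUN /ST 02:00 /TN "SSPR re-registration" `
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Deregister-StaleSspr.ps1" /RU <service account>
```

Run it first with -ReportOnly to review the candidate list, and run the scheduled task under an account that holds only the FIM permissions needed to deregister. Between deregistration and re-registration a user cannot reset through the portal, so the schedule should be aligned with the communication that tells users to re-register.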
Example:
- QA Gate applies to all requests
- OTP SMS Gate applies only to requests from the extranet

How it works:
- User requests (Register or Reset) to the FIM Password Portals include an optional SecurityContext property in the SOAP header: Extranet Password or NoneSpecified
- The FIM Service stamps the value on the Security Context property of the request in the FIM Service
- Authentication workflow: extranet-only gates execute only for requests from the extranet
QA Gate settings:
- Number of questions: in the gate, shown to the user, required for registration, required for reset
- Allowed answers
- Text to describe allowed answers to users

OTP Email Gate settings:
- Length of one-time password
- Email template for sending the one-time password

OTP SMS Gate settings:
- Length of one-time password
- SMS text message that contains the security code
SMS provider integration (diagram labels only): SMS Provider, user's cellphone

Typical steps include:
- Choose an SMS provider and establish a service relationship
- Get documentation for the protocol/API implemented by the SMS service provider
- Write an SMS Provider to target this protocol/API
- Compile this code into a DLL with a specific filename
- Deploy this DLL to the FIM Service host machine, into a specific location
http://technet.microsoft.com/en-us/library/hh824692(v=ws.10).aspx
Approach: the admin can define overrides to the default portal user experience elements

Scope:
- Banner graphics
- User interface text
- Theme: font, color, layout
http://technet.microsoft.com/en-us/library/jj134297(v=ws.10)
<?xml version="1.0" encoding="utf-8"?>
<root>
  <resheader name="resmimetype">
    <value>text/microsoft-resx</value>
  </resheader>
  <resheader name="version">
    <value>2.0</value>
  </resheader>
  <resheader name="reader">
    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
  </resheader>
  <resheader name="writer">
    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
  </resheader>
  <!-- Customizations begin here -->
  <data name="StringName" xml:space="preserve">
    <value>Customized String Value</value>
  </data>
</root>
http://technet.microsoft.com
In Review
End User Interface
  FIM 2010: Windows desktop logon (reset only)
  FIM 2010 R2: Windows desktop login; web portal supporting multiple browsers
Authentication Challenges
  FIM 2010: QA gate
  FIM 2010 R2: QA gate with configurable constraints; authentication via SMS, email
Customization
  FIM 2010: Different questions
  FIM 2010 R2: Different questions, different gates; higher bar for extranet-based requests; configurable UI for the SSPR portal
Reporting
http://northamerica.msteched.com
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn