Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-12-11) Enabling FIM Portal Access For A Regular AD User Account

Posted by Jorge on 2009-12-11


To be able to access the FIM portal as a regular user, the following MUST be true:

  • The user has an AD user account
  • The attributes "Domain", "AccountName" and "ObjectSID" of that AD user account must be populated in FIM, with the values synced by the FIM Sync Engine
  • The correct permissions have been configured for the AD user account in the FIM Portal (see more below)

The permissions that allow regular users to access the FIM Portal are configured through additional checkboxes that appear during the installation of the FIM Portal:

  • Grant Authenticated Users access to the FIM Portal Site (must be checked if you want to allow access to the FIM Portal)
  • Grant Authenticated Users access to the FIM Password Reset Site (must be checked if you want to allow access to the FIM Password Portal)

In addition to all of this, you as an administrator need to enable a few MPRs that are disabled by default. I’m talking about the following MPRs:

  • "General: Users can read non-administrative configuration resources"
  • "User management: Users can read attributes of their own"

You can check the MPRs in the FIM Portal, or you can use this PowerShell script to do that for you. The result may look like:

[Two screenshots of the script output]

This is for simple plain FIM Portal access. If you want to allow a user to do more, you need to create and/or enable additional MPRs.
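
A read-only check of the prerequisites listed above, as an added example; it is not the script this post links to. It assumes the FIMAutomation snap-in is installed and the FIM Service is reachable at the local endpoint shown; the URI and the account name `jdoe` are placeholders.

```powershell
# Added example, not the author's script. Read-only: it only queries the FIM Service.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue
$fimUri      = 'http://localhost:5725/ResourceManagementService'  # assumption: local FIM Service
$accountName = 'jdoe'                                             # placeholder account name

# Return the value of a named attribute from an exported FIM resource, or $null if absent.
function Get-FimAttributeValue($exportObject, [string]$name) {
    $attr = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($attr) { $attr.Value } else { $null }
}

# 1. The two MPRs named in the post must exist and must not be disabled.
$mprNames = @(
    'General: Users can read non-administrative configuration resources',
    'User management: Users can read attributes of their own'
)
foreach ($mprName in $mprNames) {
    $filter = "/ManagementPolicyRule[DisplayName='$mprName']"
    $mpr = Export-FIMConfig -Uri $fimUri -OnlyBaseResources -CustomConfig $filter |
        Select-Object -First 1
    if (-not $mpr) {
        Write-Warning "MPR not found: $mprName"
        continue
    }
    $disabled = Get-FimAttributeValue $mpr 'Disabled'
    $state = if ($null -eq $disabled) { 'unknown' }
             elseif ("$disabled" -eq 'True') { 'DISABLED' }
             else { 'enabled' }
    '{0,-8} {1}' -f $state, $mprName
}

# 2. The user's FIM resource needs Domain, AccountName and ObjectSID populated.
$person = Export-FIMConfig -Uri $fimUri -OnlyBaseResources `
    -CustomConfig "/Person[AccountName='$accountName']" | Select-Object -First 1
if (-not $person) {
    Write-Warning "No Person resource with AccountName '$accountName'"
} else {
    foreach ($name in 'Domain', 'AccountName', 'ObjectSID') {
        $value  = Get-FimAttributeValue $person $name
        $status = if ($value) { 'populated' } else { 'MISSING' }
        '{0,-12} {1}' -f $name, $status
    }
}
```

Run it with an account that has read access to the FIM Service; a line reporting `DISABLED` or `MISSING` points at the prerequisite that still blocks portal access for that user.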

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
