Update 11 October 2010: This blog post has been converted into a Wiki page instead so that we can provide a more living document. Please go to: http://social.technet.microsoft.com/wiki/contents/articles/fim-2010-management-agents-from-partners.aspx
Forefront Identity Manager includes a number of different management agents to connect to a variety of data sources. To enable you to connect to other data sources, FIM includes the Extensible Connectivity Management Agent (ECMA). To interact with a data source, the ECMA uses a connected data source extension. A connected data source extension is a Microsoft .NET Framework assembly that is implemented in the form of a dynamic link library (.dll) file.
You can create this extension by using any programming language and compiler that creates a .NET Framework assembly. For more information, see Creating Connected Data Source Extensions.
There are a number of partners that have created Management Agents using the ECMA to connect to a number of different systems or just to enhance connectivity options that are available out of the box.
This is the first blog post on MA and I will follow up with a similar post with MA’s that Microsoft Consulting Services have developed as part of their engagements.
http://identityforge.com/products/idf-management-agent
The IdF Management Agent for FIM has been tightly integrated with Microsoft’s Forefront Identity Manager as well as ILM and MIIS. The Management Agent works with IdF’s Adapter Suite providing Microsoft customers with an “out of the box” solution for ACF2, Top Secret, RACF, i5 and legacy applications
Mainframe MA’s – See current MA Datasheet for specs
IBM – RACF: Currently Available
CA – ACF2: Currently Available
CA-Top Secret: Currently Available
CICS: Target Release Date: February 2011
Midrange MA’s – See current MA Datasheet for specs
IBM-i5 (AS400): Currently available
HP Non-Stop: Target Release Date: November 2010
Open VMS: Target Release Date: February 2011
Generic Unix MA Target Release Date: February 2011
Supported Unix Systems: Oracle-Solaris, HP-UX, IBM-AIX, LINUX
Functionality:
SAP
SAP r3 4.5 and higher - Available November 2010
SAP ECC 6.0 - Available October 2010
SAP HR 6.0 Web Services
Functionality:
Visit www.omada.net for more information or contact Omada on email info@omada.net
Omada provides a range of Management Agents (MA’s) supporting advanced deployments of FIM 2010. The MA’s cover integration with SAP, SAP GRC, Exchange, file shares, SharePoint, SCCM, PowerShell and more.
Omada’s SAP MA is based on FIM’s extensible connectivity management agent framework. The agent supports both full and delta imports as well as exports. The integration to SAP is performed via web services, and supports interaction directly with the SAP backend such as SAP ERP, SAP HR, SAP BI etc. or via SAP PI. Omada provides web services for various objects in SAP such as Org. Units (organizational structure in SAP HR), Employees, Cost Centers (including the hierarchy), Company Codes, Users (includes Password reset), Roles (With Transaction Codes, Auth. Objects).
Omada also provides advanced integration to SAP GRC.
Omada’s SCCM Management Agent is based on FIM’s extensible connectivity management agent framework. The agent supports full import of systems, collections, collection assignments, and installs from an SCCM system. On export, the agent supports the addition of systems to collections, as well as removal of a system from a collection.
Omada’s Exchange Object Management Agent is based on FIM’s extensible connectivity management agent framework. The agent supports full import, and can move mailboxes within an Exchange 2003/2007 organization. The agent has two modes of export operation: 1) synchronous moves of mailboxes 2) asynchronous moves of mailboxes (i.e., multiple threads moving mailboxes).
Omada’s File Share Management Agent is based on FIM’s extensible connectivity management agent framework. The agent supports import and export operations, and can create, move/rename, and delete file shares. Additionally, the agent can optionally set permissions on file shares, and move file shares between different file system volumes.
Omada’s Home Folder Management Agent is based on FIM’s extensible connectivity management agent framework. The agent supports import and export operations, and can create, move/rename, and delete home folders. Additionally, the agent can optionally set permissions on folders, and move home folders between different file system volumes.
Omada’s PowerShell Management Agent is based on FIM’s extensible connectivity management agent framework. The agent supports export (add) of a script with parameters to execute. The agent is based on the “post processing” approach to creating extensible management agents that execute external (to FIM) commands.
Omada provides a number of Management Agents which are used to populate the FIM Portal with the customer’s existing Accounts and group memberships in the target systems such as Active Directory, ADLDS, SAP etc.
The SharePoint Management API is based on SharePoint’s standard API. The agent supports full import of users, sites, lists, permissions and permission levels. On export, the agent supports adding user permissions and revoking violating permissions.
"Centrify's core capability is to extend Active Directory's authentication, authorization and group policy capabilities to non-Microsoft platforms such as UNIX, Linux and Mac. In doing this "identity consolidation" into Active Directory, UNIX attributes such as UNIX UIDs, home directories, etc. are stored within Active Directory, including the ability to map multiple UNIX UIDs to a single AD account (this technology is called Centrify Zones).
In order to simplify provisioning of UNIX user profiles within Active Directory, Centrify provides a Provisioning Agent that leverages Active Directory Groups to automate the management of Centrify Zone profiles. Adding a user to the Active Directory control group for a specific Zone will cause the Zone Provisioning Agent to add a UNIX profile for that user to the Zone, similarly if you remove the user from the group it will delete the UNIX profile, and in this way Forefront Identity Manager only needs to manage an Active Directory Group's membership in order to manage the provisioning of Centrify UNIX profiles.
Also, because Centrify makes the AD username/password the global username/password, FIM's self-service password reset capabilities reach beyond Windows and into hundreds of non-Microsoft systems. For a free version of Centrify's software for Linux/AD integration, check out http://www.centrify.com/express/ ."
For more information: http://www.oxfordcomputergroup.com/OCG_Components
Oxford Computer Group’s SharePoint MA makes the creation, deletion and maintenance of up-to-date SharePoint profiles significantly easier. The solution allows an organization’s SharePoint user profiles to be kept up-to-date by FIM. FIM populates the SharePoint user profiles with data from any of its connected data sources, such as Active Directory, HR systems, company white pages, email Global Address Lists etc. By utilizing FIM’s provisioning and deprovisioning power, an organization’s SharePoint user profiles can be created and deleted in line with its business rules. That means a new starter can have access to all the required and approved systems from the minute they join the company. It also means their access privileges can be changed as and when required and removed when they leave. This significantly reduces the possibility of data theft.
Oxford Computer Group provides a solution specifically designed for organizations running SAP HR, R/3 and Netweaver. The MA integrates SAP with FIM and uses standard BAPI calls to manage employees, users and roles. By combining the power and flexibility of Microsoft Forefront Identity Manager (FIM) with a bespoke connector for SAP, OCG has created a cost-effective and easily deployable solution to address issues of identity and access management.
Oxford Computer Group’s Delta Generator is a replacement for the Microsoft SQL and Oracle MA. It specifically adds delta imports for those systems that do not support deltas. It significantly reduces sync time and is, in some cases, orders of magnitude faster than the MS MA even for full imports.
MA - Oxford Computer Group (OCG) provide solutions that use Microsoft Forefront Identity Manager (FIM) to manage Blackberry® identity and security by integrating with Blackberry® Enterprise Server (BES), the management solution for Blackberry®. This allows secure access for Blackberrys to be managed through an integrated solution in the same way as other enterprise systems. To complement FIM, OCG has developed a .NET-based Management Agent for BES (BES XMA). This provides added functionality and tighter integration between FIM and BES. The integration of BES XMA helps increase IT productivity and reduce administrative overheads by enabling centralized control and management of user accounts and mobile devices.
For more information: http://www.unifysolutions.net
The UNIFY Identity Broker is a service that solves the following issues:
UNIFY’s list of Identity Broker MAs includes (but is not limited to) the following:
With the Home Directory Management Agent (HDMA) for FIM, user home directories can be managed with the same ease and familiar environment as other aspects of the identity lifecycle.
Management Agents available on blogs as well as on sites like sourceforge.com and Codeplex.com
Blog post series describing creating a MA for Dynamics AX:
MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 1)
MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 2)
MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 3)
The SharePoint List Management Agent is an attempt to provide an easy-to-use, familiar interface between ILM 2007 and a WSS 3.0 or MOSS 2007 list. It is deployed as a "PackagedMA" to help alleviate some of the more tedious tasks involved with the development of extensible management agents (ex. run profile configuration, object type configuration, data manipulation, etc.). For more information and to download the code please click here.
The OpenLDAP Extensible Management Agent (XMA) for Microsoft Identity Lifecycle Manager (ILM) enables efficient two-way synchronization of identity information with the OpenLDAP directory. For more information and to download the code please click here.
For other LDAP v3 directories such as Oracle Internet Directory, you can use the OpenLDAP MA as a starting point for integration with FIM.
I will keep updating this post going forward and I hope this helps in finding the MA’s that you need for your projects.
// Brjann Brekkan
Follow me on Twitter as well twitter.com/bbrekkan
Post updated 29 July with info on Omada’s SharePoint MA