thanks Ian, that sounds like the plan then. Inbound rules to create a "first class citizen" for each user in the metaverse and each MA will not need outbound rules.
cheers,
Alistair
________________________________________
From: Discussion for MS IDM tools liks ILM and FIM <[log in to unmask]> on behalf of Ian Bassi <[log in to unmask]>
Sent: 04 February 2020 10:38
To: [log in to unmask]
Subject: Re: Rules extensions, in or out?
Warning. This email contains web links and originates from outside of the University.
You should only click on these links if you are certain that the email is genuine and the content is safe.
The performance impact of export rules extensions is greater than using import rules, so trying to avoid export rules is considered good practice.
Display Name is a good example of something which would be a good rule extension, the import rule would be configured on the HR\Student source, and when the first or last name is changed, it would update the display name in the Metaverse which then gets exported to other systems such as AD or MIM Service. You can also extend the logic to include other attributes, so you might decide if the user is a student, you want to add the students course to the end of the Display Name. The more complex you make them, the more time it will take to run the sync cycle.
It is worth noting, the FIM MA does not support rule extensions.
The rule extensions within MIM make it the most extensible IAM product on the market, but as the saying goes, with great power comes great responsibility.
Ian
-----Original Message-----
From: Discussion for MS IDM tools liks ILM and FIM <[log in to unmask]> On Behalf Of Alistair Young
Sent: 04 February 2020 10:11
To: [log in to unmask]
Subject: Rules extensions, in or out?
CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.
Looking at rules extensions, they seem very powerful and just what we need. What would be best practice for using them? Would they be used as a "translator" of attributes. e.g. if displayName is a portal defined rule (I think this is called declarative?) built from first+" "+surname, would that be a candidate for a rules extension instead?
Or would it be invoked "on the way out" to AD, for example. Perhaps not, now I type about it.
I get the impression rules extensions are gatekeepers between the connector space and the metaverse. So extend the schema via the portal and use a rules extension to create those new attributes from CS attributes.
thanks,
Alistair
########################################################################
To unsubscribe from the MICROSOFT-IDENTITY list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=MICROSOFT-IDENTITY&A=1
ThirdSpace is Microsoft's leading partner for identity and security. Grab some time with one of our senior architects at our monthly roundtables<https://thirdspace.net/events/?utm_source=signature&utm_medium=internal&utm_campaign=events>.
ThirdSpace Limited is the new name for Oxford Computer Group Limited. ThirdSpace Limited is a company registered in England and Wales (number 04574934) whose registered office is at 6th Floor, Seacourt Tower, West Way, Oxford, OX2 0JJ.
########################################################################
To unsubscribe from the MICROSOFT-IDENTITY list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=MICROSOFT-IDENTITY&A=1
########################################################################
To unsubscribe from the MICROSOFT-IDENTITY list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=MICROSOFT-IDENTITY&A=1
|