Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By : Kent Nordstrom
Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By: Kent Nordstrom

Overview of this book

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems. The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement self-service parts. This book also covers basic Certificate Management and troubleshooting. Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure including both test and production environment. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail. With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able implement and manage FIM 2010 R2 almost effortlessly.
Table of Contents (21 chapters)
Microsoft Forefront Identity Manager 2010 R2 Handbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
8
Using FIM to Manage Office 365 and Other Cloud Identities
Afterword
Index

Installing the FIM CM client


On the client computers where users will manage Smart Cards (in some cases all workstations), you will need to install some client components.

Note

You should install the x86 client software, even if the operating system is 64-bit. You have to match your FIM CM client with the type of IE that the users are using. (Even on 64-bit Windows we almost always use the 32-bit version of IE.)

The installation can be automated and settings controlled using GPOs, but showing the few manual steps gives you an idea of what might need to be changed.

  1. Usually we select all the components of the client software since we would like to support all the features. If you are using a separate tool for the PIN reset, for example, you might exclude this component.

  2. We then need to tell the component the name of the sites it should trust to run the ActiveX controls. In my example, I use the alias cm.ad.company.com for access to the FIM CM portal.

If you are not using the self-service option...