Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By : Kent Nordstrom
Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By: Kent Nordstrom

Overview of this book

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems. The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement self-service parts. This book also covers basic Certificate Management and troubleshooting. Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure including both test and production environment. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail. With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able implement and manage FIM 2010 R2 almost effortlessly.
Table of Contents (21 chapters)
Microsoft Forefront Identity Manager 2010 R2 Handbook
About the Author
About the Reviewers
Using FIM to Manage Office 365 and Other Cloud Identities

Anonymous request

What we need to keep in mind when looking at this feature is that the user, as he has forgotten his password, is unable to authenticate properly to FIM. So, the key problem with SSPR is how to authenticate the user.

Let's take an example.

Kent, our contractor, has forgotten his password. He then makes a request anonymously to FIM to reset the password of the user account Kent. Well, FIM won't just do that! So, we tell FIM to try to figure out who the requestor is. We add an Authentication (AuthN) workflow, which gives Kent a chance to prove his identity. If the AuthN workflow proves to FIM that the requestor is indeed the user Kent, it will allow Kent to reset his password.

In FIM 2010 R2, there are two built-in ways for FIM to find out who the user is—we can use either a Question and Answer (QA) gate or a One Time Password (OTP) gate.

QA versus OTP

There are two different ways of doing SSPR in the R2 release—QA (Question and Answer) and OTP (One Time Password).

QA basically...