FIM 2010 & MIM 2016: Management Agents from Partners
Forefront Identity Manager includes a number of different management agents to connect to a variety of data sources.
For more information see:
- FIM 2010 R2 : Connected Data Sources and Management Agents
- Management Agents in FIM 2010
- Supported connectors in MIM 2016
To enable you to connect to other data sources, FIM includes the Extensible Connectivity Management Agent (ECMA). To interact with a data source, the ECMA uses a connected data source extension. A connected data source extension is a Microsoft .NET Framework assembly that is implemented in the form of a dynamic link library (.dll) file.
You can create this extension by using any programming language and compiler that creates a .NET Framework assembly.
For more information see:
There are a number of partners that have created Management Agents using the ECMA to connect to a number of different systems or just to enhance connectivity options that are available out of the box.
If you are a partner and have updates, please join the TechNet wiki community and make updates and we will review before the page is updated.
Brjann Brekkan
Identity and Access - Microsoft Corporation
** **
Note |
This Wiki article focuses on Management agents.
There is a separate Wiki article that collects broader scoped solutions based on FIM. |
MA's from some of our Identity and Access partners:
(partners sorted alphabetically)
Advania
Company website: www.advania.se
Company contact: iam@advania.se
HR systems
- Personec
- Heroma
- HR-Plus
- Primula
- Agda
Name quality
- Navet (Skatteverket, Swedish Tax Agency)
- KIR/KID (KommunInformationsRegister)
Student Information Systems
- Procapita
- IST Extens
Other
- Homefolder
- Lync
- Office 365 licensing
- Google Apps
- The Swedish HSA directory
Centrify
"Centrify's core capability is to extend Active Directory's authentication, authorization, and group policy capabilities to non-Microsoft platforms such as UNIX, Linux, and Mac. In doing this "identity consolidation" into Active Directory, UNIX attributes such as UNIX UIDs, home directories, etc. are stored within Active Directory, including the ability to map multiple UNIX UIDs to a single AD account (this technology is called Centrify Zones). "
In order to simplify provisioning of UNIX user profiles within Active Directory, Centrify provides a Provisioning Agent that leverages Active Directory Groups to automate the management of Centrify Zone profiles. Adding a user to the Active Directory control group for a specific Zone will cause the Zone Provisioning Agent to add a UNIX profile for that user to the Zone, similarly if you remove the user from the group it will delete the UNIX profile, and in this way Forefront Identity Manager only needs to manage an Active Directory Group's membership in order to manage the provisioning of Centrify UNIX profiles.
Also, because Centrify makes the AD username/password the global username/password, FIM's self-service password reset capabilities reach beyond Windows and into hundreds of non-Microsoft systems. For a free version of Centrify's software for Linux/AD integration, check out http: //www.centrify.com/express/ . . "
Community-Based
Management Agents available on blogs as well as on sites like sourceforge.com and Codeplex.com
Microsoft Dynamics AX MA
- Blog post series describing creating a MA for Dynamics AX:
- MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 1)
- MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 2)
- MIIS/ILM/FIM Code Experiment: Dynamics AX Management Agent (part 3)
SharePoint List Management Agent (from Steven Kean at Version3)
The SharePoint List Management Agent is an attempt to provide an easy-to-use, familiar interface between ILM 2007 and a WSS 3.0 or MOSS 2007 list. It is deployed as a "PackagedMA" to help alleviate some of the more tedious tasks involved with the development of extensible management agents (ex. run profile configuration, object type configuration, data manipulation, etc.). For more information and to download the code please click here.
OpenLDAP MA (from SourceForge)
The OpenLDAP Extensible Management Agent (XMA) for Microsoft Identity Lifecycle Manager(ILM) enables efficient two-way synchronization of identity information with the OpenLDAP directory. For more information and to download the code please click here.
For other LDAP v3 directories such as Oracle Internet Directory, you can use the OpenLDAP MA as the starting point for integration with FIM.
PowerShell Management Agent (Søren Granfeldt)
The Granfeldt PowerShell Management Agent (MA) is a diverse Management Agent (MA) that can be used for many different purposes. Basically, any task that can be done in PowerShell can be triggered through this MA, making it very flexible and a regular hybrid MA.
Source: http: //blog.goverco.com/p/powershell-management-agent.html
Ultimate File Connector (Henrik Nilsson)
Based on the ECMA 2.0 framework and can be found here.
Just the basic File Connector supporting the following OOB file formats:
- Attribute Value Pair (AVP)
- Delimited
- Directory Services Markup Language (DSML)
- Fixed
- LDAP Data Interchange Format (LDIF)
But has the following extra functionality:
- Full Export that before ECMA had to be handled externally from FIM/ILM/MIIS
- Files can be managed at FTP, FTPS, SFTP, SCP and File System Locations (remote from the Extensions folder)
- Files can be compressed/extracted with or without encryption/decryption
- Substitution of date and time values in file names
Generic REST API MA (Naohiro Fujie)
Based on the ECMA 2.2 framework and can be found here and has the following functionality:
- Import/Export Identities on various SaaS Applications through REST API
- Based on a plugin architecture, so can extend various SaaS Apps by building new plugin libraries
- Include Google Apps plugin library
- Support OAuth2.0 JWT bearer flow to access SaaS
- Support password synchronization with PCNS
- Works under web proxy enabled environment. Also works with proxy authentication.
Google Apps MA (Naohiro Fujie)
Based on the ECMA 2.0 framework and can be found here and has the following functionality:
- Export person objects from FIM
- Support password synchronization with PCNS
- Works under web proxy enabled environment. Also works with proxy authentication.
Directory Concepts
Management Agents developed and maintained for Forefront Identity Manager (FIM)
The following lists Management Agents Directory Concepts has developed and maintains under the software maintenance agreement. For further information regarding how these and other Directory Concepts products compliment your Microsoft FIM solution please refer to our web site.
If your requirement is not on this list, please feel free to contact us and we will develop it for you.
Source: http: //www.directoryconcepts.com.au/
- AlarmPoint - alerting/notification
- Apple Open Directory Connector
- Aurion HRMS
- Celcat – timetabling
- Cisco UCCX connector
- Frontier Software chris21 connector
- HP TRIM connector
- KRONOS connector
- LDAP Extensible MA
- Mercury eRecruit connector
- PaperCut - Print Management System
- Peoplesoft Oracle 9.1
- PowerShell Extensible MA
- RM MAZE School Management System
- RSA connector
- SALT mobile service - Salt Group
- SAP HR connector
- SAS2000 School Administration System (HumanEdge)
- SharePoint Extensible MA
- Strata Student Management System (Avaxa)
- Synergetic Management System for Schools
- TASS Student and Financial Administration for Schools
- Web Services Extensible MA
Ensynch
Company website: http: //www.ensynch.com/ida
Ensynch Google Apps MA
The Google Apps MA from Ensynch is capable of managing the entire Google account lifecycle. This MA is not only proficient at provisioning and de-provisioning tens of thousands of accounts, but can also synchronize password and bio-demographical data. With an additional SAML based SSO web site, users can continue to use their directory login to access their Google accounts.
Ensynch XMA for Databases
Ensynch’s Extensible Management Agent (XMA) for Databases is a configurable XMA capable of scaling to millions of objects and offers true delta processing on any database source. The XMA offers both Stored Procedure and XSLT customizations allowing for virtually any database to be queried and processed quickly and efficiently. Observed performance improvements over the built-in SQL or Oracle MA of between 10x and 20x.
Identity Forge
Company website: IdentityForge solutions for Microsoft FIM
The IdentityForge Management Agent for FIM has been tightly integrated with Microsoft's Forefront Identity Manager as well as ILM and MIIS. The Management Agent works with IdF's Adapter Suite providing Microsoft customers with an "out of the box" solution for ACF2, Top Secret, RACF, iSeries, SAP ECC, AIX, Linux, Cloud-Based and other target applications.
Mainframe MAs
- IBM-RACF Advanced Adapter
- CA-ACF2 Advanced Adapter
- CA-Top Secret Advanced Adapter
- CICS Advanced Adapter
- VSAM Advanced Adapter
Midrange MAs
- IBM-iSeries (AS400) Advanced Adapter
Mission-Critical System MAs
- HP NonStop Tandem Advanced Adapter
- OpenVMS (VAX, Alpha, Integrity) Advanced Adapter
- NetApp Data ONTAP Advanced Adapter
Unix MAs
- Oracle Solaris Advanced Adapter
- Enterprise Linux Red Hat Advanced Adapter
- Apple MAC OS Advanced Adapter
- IBM AIX Advanced Adapter
- HP SUSE Advanced Adapter
- HP-UX Advanced Adapter
- CentOS Advanced Adapter
- Ubuntu Advanced Adapter
Cloud-Based MAs
- Salesforce CRM Advanced Adapter
- NetSuite ERP Advanced Adapter
- Sugar CRM Advanced Adapter
- Google Apps Advanced Adapter
- AD Azure Advanced Adapter
- ServiceNow Advanced Adapter
- Concur Advanced Adapter
Healthcare MAs
- Epic Healthcare Advanced Adapter
- FHIR Healthcare Advanced Adapter
- HL7 Healthcare Advanced Adapter
SAP MAs
- SAP ECC Advanced Adapter
Directory Service MAs
- LDAPv3 JNDI Advanced Adapter
- IBM Directory Integrator Advanced Adapter
- Oracle Unified Directory Advanced Adapter
Identity Management System MAs
- Oracle Identity Manager MA
- IBM Tivoli MA
- SAP NW Identity Management MA
- Courion IDM MA
Inceptio
Company website: www.inceptio.dk
PowerShell Management Agent
The PowerShell Management Agent is a diverse Management Agent (MA) written using ECMA 2.0. It can be used for many different purposes. It allows for PowerShell scripts to be run on addition, modification and/or deletes of objects in the connector space and supports any attribute (single-/multivalue) to be flowed as parameters to scripts. Delta import is supported.
Directory Management Agent
The Directory Management Agent is extensible management agent used to physically manage user’s home directories or other (create /move/remove) by calling customizable scripts for each operation and it will update home directory information on the Active Directory user object accordingly when scripts have executed successfully. You'll be able to write the scripts in the scripting language of your desire.
Intercede
MyID MA
The MyID Management Agent for Microsoft Forefront Identity Manager allows Intercede MyID to simply ‘plug-in’ to FIM, adding secure device and credential management capabilities to any FIM enabled environment.
Connecting MyID to FIM via the management agent allows:
- Automated creation of requests for secure devices (e.g. smartcards, OTP tokens, smartphones) and credentials (e.g. certificates) to be fulfilled by MyID
- Managing the lifecycle of devices and credentials including suspension, cancellation, permanent or temporary replacements, and key archive and recovery
- PIV enablement FIM fulfills the sponsorship stage of FIPS 201 to create a ‘PIV Card Request’ and MyID completes the process to issue fully compliant PIV, PIV-I or PIV-C cards
- Tracking progress of the card requests and receiving notification that card issuance and activation has completed, including details of the card and credentials issued
- Support for full and delta synchronization between MyID and FIM
- Tool-based customization of the attributes passed between MyID and FIM without any recording in the management agent or MyID
- Retrieve issued device and credential details for propagation to other systems (e.g. document encryption or physical access control systems)
Website: www.intercede.com
Contact: info@intercede.com
Moran Technology Consulting
Company Website: www.morantechnology.com
Google Apps MA (based on new Google Directory API)
- Supports Import, Export of Users and Groups
- Move between Google Apps Domains
- Password Sync <
Note
To provide feedback about this article, create a post on the FIM TechNet Forum.
Omada
Visit www.omada.net for more information or contact Omada on email info@omada.net
Omada Connectivity Framework for FIM2010
Omada provides a range of Management Agents (MA's) supporting advanced deployments of FIM2010. The MA's covers integration to SAP, SAP GRC, Exchange, File shares, SharePoint, SCCM, Exchange, Powershell and more.
SAP MA
Omada's SAP MA is based on FIM's extensible connectivity management agent framework. The agent supports both full and delta imports as well as exports. The integration to SAP is performed via web services, and supports interaction directly with the SAP backend such as SAP , SAP HR, SAP BI etc. or via SAP PI. Omada provides web services for various objects in SAP such as Org. Units (organizational structure in SAP HR), Employees, Cost Centers (including the hierarchy), Company Codes, Users (includes Password reset), Roles (With Transaction Codes, Auth. Objects).
Omada also provides advanced integration to SAP GRC.
System Center Configuration Manager MA
Omada's SCCM Management Agent is based on FIM's extensible connectivity management agent framework. The agent supports full import of systems, collections, collection assignments, and installs from a SCCM system. On export, the agent supports the addition of systems to collections, as well as removal of a system from a collection.
Exchange Objects MA
Omada's Exchange Object Management Agent is based on FIM's extensible connectivity management agent framework. The agent supports full import and can move mailboxes within an Exchange organization. The agent has two modes of export operation: 1) synchronous moves of mailboxes 2) asynchronous moves of mailboxes (i.e., multiple threads moving mailboxes).
File share MA
Omada's File Share Management Agent is based on FIM's extensible connectivity management agent framework. The agent supports import and export operations, and can create, move/rename, and delete file shares. Additionally, the agent can optionally set permissions on file shares, and move file shares between different file system volumes.
Home Folder MA
Omada's Home Folder Management Agent is based on FIM's extensible connectivity management agent framework. The agent supports import and export operations, and can create, move/rename, and delete home folders. Additionally, the agent can optionally set permissions on folders, and move home folders between different file system volumes.
PowerShell MA
Omada's PowerShell Management Agent is based on FIM's extensible connectivity management agent framework. The agent supports export (add) of a script with parameters to execute. The agent is based on the "post-processing" approach to creating extensible management agents that execute external (to FIM) commands.
Initial Load MA's
Omada provides a number of Management Agents which are used to populate the FIM Portal with the customer's existing Accounts and group memberships in the target systems such as Active Directory, ADLDS, SAP etc.
SharePoint MA
The SharePoint Management API is based on SharePoint's standard API. The agent supports full import of users, sites, lists, permissions and permission levels. On export, the agent supports adding user permissions and revokes violating permissions.
Oxford Computer Group
Company website: http: //oxfordcomputergroup.com/
Information: info@oxfordcomputergroup.com
Oxford Computer Group (OCG) has developed numerous management agents for FIM 2010, which we can provide to partners and customers. Most were originally created as part of a specific implementation. OCG has developed and refined a number of these agents for wider adoption, documented here. Please contact us for more information.
Office365 MA
Oxford Computer Group (OCG) has created a purpose-built Management Agent that is empowering organizations as they move to Office 365. The OCG MA provides organizations with greater flexibility and control, with the enhanced functionality that FIM provides for user management.
OCG’s Office365 MA provides:
- automated Office365 provisioning
- flexibility and control over who has access to what
- automated licensing of users
- accelerated deployment of Office365
In addition, our solution is proven to be able to link one or more data sources with multiple tenancies in the cloud. This delivers an advantage for organizations where a ‘one-size-fits-all’ email policy is not appropriate. Different groups can be set up within different Office 365 tenancies to allow each group to manage its own email policies.
Delta Generator MA
Oxford Computer Group's Delta Generator is a Replacement for the Microsoft SQL and Oracle MA. It has been developed to accelerate synchronization in environments with large numbers of users and groups, or those that require a rapid synchronization schedule, the Delta Generator is a very useful addition to an FIM deployment. This component adds delta imports for systems that do not support deltas. To put it simply, one of its unique features is that it only imports those objects (accounts, groups, etc.) that have been updated since the last synchronization cycle.
A common use of the SQL Server MA is to generate group memberships from metaverse data. This is an extremely useful technique, but the MA’s performance is impeded when large numbers of groups or users are involved. By replacing the SQL Server MA with the Delta Generator, the import facility can be made orders of magnitude faster.
Exchange MA
Oxford Computer Group's Exchange MA makes it significantly easier to create, maintain, disconnect and delete Exchange Mailboxes (user, resource mailboxes and contacts). The MA is able to check and guarantee the uniqueness of mail addresses (mail and proxies). Furthermore, it supports mailbox quota and protocol settings management (OWA, MAPI, IMAP etc.). The administration of distribution groups is additionally also possible.
The mailbox permissions can be kept up-to-date by FIM. It allows managing mailbox permissions like send-as, send-on-behalf, full-access, etc.
The solution allows forest-wide mailbox provisioning as well as forest-wide and cross-forest mailbox relocation.
ServiceNow MA
The Management Agent serves the following functions:
- Enterprise Webproxy Support with different credentials
- Read, modify and delete User Objects
- Read, modify and delete Group Objects
- Read, modify and delete Location Objects
- Read, modify and delete Company Objects
- Read, modify and delete Department Objects
- Read, modify and delete CostCenter Objects
- Password Synchronization Support
For more information, please visit: ServiceNow ECMA2
Firebird MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: Firebird ECMA2
Informix MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: Informix ECMA2
Ingres MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: Ingres ECMA2
Microsoft SQL MA / Microsoft Azure SQL MA
The Management Agent serve the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: MS-SQL / Azure ECMA2
MySQL MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: MySQL ECMA2
NuoDB MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: NuoDB ECMA2
Oracle MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before the start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: Oracle ECMA2
Oracle System MA
OCG's Oracle System Management Agent is based on native Oracle.NET library. The agent supports export and import operations and can create, delete and modify account objects, manage database permissions, user profiles and schemas on database level. It can import accounts, roles and role assignments for reporting and attestation processes.
For more information, please visit: Oracle System ECMA2
PostgreSQL MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: PostgreSQL ECMA2
Virtuoso MA
The Management Agent serves the following functions:
- Uniform and flexible database connection system
- Access multiple data sources (tables or queries) via one management agent
- Flexible assignment of the reference column in main and multivalued tables
- Delta synchronization including modification types
- Execution of a stored procedure before start of the synchronization process
- Execution of a stored procedure after the end of the synchronization process
- Easy configuration via XML-File without programming knowledge
- All parameters can be set for each data source (table or query).
- Connections via SSPI (integrated security) if possible
- Customization of the export functions is possible
- Password Synchronization Support
For more information, please visit: Virtuoso ECMA2
OCG PowerShell MA
The OCG PowerShell MA enables the execution of various tasks that can be also performed in the PowerShell Shell. It is a universal PowerShell Management Agent that allows the provisioning of various systems to be managed by PowerShell (e.g. Lync, SharePoint, Exchange, Office 365, NetApp…) Any PowerShell script can be used as part of provisioning, modification or deprovisioning logic by integrating it into the PowerShell Script called during Export by the Management Agent. Modules can be loaded locally on the fly to enable the use of extended Commandlets. The Import Script supports Delta Imports to speed up the Import process. Errors can be logged into EventViewer, to a file or directly into the Synchronization Engine. The agent also supports outbound password changes as part of the Password Change Notification Service (PCNS) system, by using Password Management Script.
PowerShell Transaction MA
The OCG PowerShell Transaction Management Agent enables the execution of any PowerShell command inclusive additional user-defined parameters and arguments for all systems supporting PowerShell interface. Based on object information commands will be executed locally or using different endpoint systems. Additional PowerShell modules can be loaded during the runtime executing a single object or a bundle of objects. Authentication modes, user and credential information can be added if necessary for each operation. After sending the PowerShell command result collection and error streams will be caught by the Management Agent and provided for further execution.
RSA7 / RSA8 SecureID Authorization Manager MA
OCG RSA7 / RSA8 Management Agent provides functionality for RSA7 / RSA8 SecureID Lifecycle Management on enterprise level. The RSA 7 SecureID MA can manage multiple RSA Systems, realms and data sources. The agent supports export and import operations and can create, delete and modify account objects, manage tokens and token assignments incl. token change und pin reset functionality, manage groups and group memberships.
For more information, please visit: RSA7 / RSA8 ECMA2
SAP MA
Oxford Computer Group provides a solution specifically designed for organizations running SAP R/3 and Netweaver. The MA integrates SAP with FIM, uses standard BAPI calls to manage users and roles by combining the power and flexibility of Microsoft Forefront Identity Manager (FIM) with a bespoke connector for SAP. OCG have created a cost-effective and easily deployable solution to address issues of identity and access management.
The Management Agent serves the following features:
- Read/write users into SAP UM
- Supports read/update users into SAP CUA
- Synchronize passwords for SAP users
- Managing user roles and composite roles
- Support of more than 100 SAP with only one MA
- SNC Encryption
For more information, please visit: SAP Management ECMA2
SharePoint MA
Oxford Computer Group's SharePoint MA makes the creation, deletion, and maintenance of up-to-date SharePoint profiles significantly easier. The solution allows an organization's SharePoint user profiles to be kept up-to-date by FIM. FIM populates the SharePoint user profiles with data from any of its connected data sources, such as Active Directory, HR systems, company white pages, email Global Address Lists etc. By utilizing FIM's provisioning and deprovisioning power, an organization's SharePoint user profiles can be created and deleted in line with its business rules. That means new Starters get access to all the required and approved systems from the minute they join the company. It also means their access privileges can be changed when required and removed when they leave. This significantly reduces the possibility of data theft.
Unix SSH MA
OCG SSH System Management Agent is based on standard .NET library. The agent supports creation, deletion and modify of unix-based systems account objects and user profiles. Combined with OCG Password Change Notification Service (PCSN) the solution provides the ability to synchronize account passwords between active directory and the connected unix systems. The MA functionality is easily and free extensible.
For more information, please visit: Unix SSH ECMA2
Simple LDAP MA
The OCG Simple LDAP MA (based on Extensible Connectivity MA 2.0) allows the import of Active Directory Partitions or Global Catalog Structures into FIM. The Management Agent has automatic AD Schema discovery. It is, therefore, possible, in the FIM User Interface, to select which object types and attributes are imported from AD or GC.
Sync Monitoring Solution MA
The OCG Sync Monitor Solution MA (based on Extensible Connectivity MA 2.0) generates Metaverse data which make the monitoring and troubleshooting of Sync issues straightforward. For example, the MA generates a multi-value list for each object in the Metaverse, showing which Management Agents are connected to this Metaverse object. Similarly, errors in synchronization or export also result in Metaverse Objects which are related to the object which experienced the error – this increases the visibility of the error message, and makes troubleshooting more straightforward.
Other
OCG has many other Management Agents that are available as part of a service engagement, and is developing new ones all the time - for example Google MA, File Share MA, Unix, Oracle RBAC, various Telephone systems, Sharepoint, Office365, Exchange 2010 Resources, custom LDAP MA, GPO Link MA, AD DACL - please contact us!
Predica
Visit our company website: http: //www.predica.pl/ for more information on our FIM related solutions or e-mail us for additional information at kontakt@predica.pl.
Cisco Unified Communications Manager (Cisco Telephony MA)
Predica has created a specialized management agent for integration of Cisco Unified Communications Manager into FIM 2010 based solutions eco-system. CUCM management agent extends FIM with full management capabilities for CUCM user accounts for import and export operations in all scenarios: provisioning, information management, and de-provisioning process.
CCUM MA provides also password management capabilities to manage both CUCM user PIN and password for initial account provisioning and password synchronization/reset.
In addition to user, the management agent can be used also to retrieve information about user's devices, lines assigned to devices and service profiles assigned to these lines and hunt lists with its members.
For its management capabilities, CUCM MA uses native web service interfaces of the Cisco Unified Communications Manager and doesn't require any additional elements to be deployed in the managed system. All information is retrieved using configurable queries, which can be adjusted for each object type.
The agent was proven through deployments where it manages thousands of user accounts. Currently supported with CCUM version 7.x and 8.x.
The agent is available in Extensible MA and ECMAv2 versions. You can read more about agent and its configuration on dedicated blog post.
Fully supports: FIM 2010, FIM 2010 R2 and SP1
Agent enables the following scenarios (not limited only to those):
- Provision and manage information on your IP phones directly from FIM
- IP phone as an asset bound to employee import
- Import of hunt lists and its members
- Initial PIN and subsequent PIN changes from FIM
- Web access password management and synchronization from AD for simplified Sign-on
- Fully customizable with ability to customize all queries used by agent to pull information from data source
- Up to date phone number information reflected in all connected external systems and corporate directories
Quest
Company website: http: //www.quest.com/
Quest Active Roles MA (Quest MA for FIM)
Quest Management Agent for Forefront Identity Manager allows you to combine the capabilities provided by Quest ActiveRoles Server and Microsoft Forefront Identity Manager (FIM) to automate user management tasks. With Quest Management Agent for Forefront Identity Manager you can benefit from the bi-directional synchronization of user accounts, groups, and other directory objects between FIM and the Active
Directory domains and AD LDS (ADAM) instances managed by ActiveRoles Server.
Schakra
Company website: http: //www.schakra.com/Services.aspx
Home Directory Management Agent
With the Home Directory Management Agent (HDMA) for FIM, user home directories can be managed with the same ease and familiar environment as other aspects of the identity lifecycle.
Traxion
Company website: [http: //www.traxion.com/
SCIM Management Agent
Manage access to your business applications via the Cross-domain Identity Management standard.
The SCIM Management is based on the SCIM (System for Cross-domain Identity Management) standard to manage the Identity & Access lifecycle to any application which supports SCIM. Traxion also provides a developer starting pack to build op a SCIM Service Provider, useful for supplying to your application vendors.
Office 365 License Management Agent
Integrate your Office 365 license management into your Identity & Access Management landscape.
Office 365 provides your office products when and where you need it. In order for your organization to take advantage of the Office 365 services, you need to assign the purchased licenses to your employees and activate the desired services you want them to start using. This module allows you to manage Office 365 license suites on user-level from within your Identity & Access Management landscape.
Office 365 Skype for Business online Management Agent
Manage Skype for Business access & policies for your employees from within your Identity & Access Management landscape.
Skype for Business lets you collaborate with anyone, anywhere, on any device. You can organize professional online meetings, messaging, calls and video conversations up to 250 people. In order for your organization to take advantage of these features, you need to enroll it to your employees. Therefore, your employees need to be provisioned to the service first and granted user specific access rights. This module allows you to manage Skype for Business users including the management of their user specific policies from within your Identity & Access Management landscape.
Office 365 SharePoint online Management Agent
Manage SharePoint groups and additional profile information from within your Identity & Access Management landscape.
SharePoint Online provides a secure, cloud service platform to store, organize, share and access information from almost every device. SharePoint Online is part of the Office 365 suite (E1 or higher) Microsoft offers to business, education, government and nonprofit organizations. This connector provides the ability to integrate your SharePoint groups with your IAM solution to manage group permissions driven from your Access Management solution. Next to that, additional profile information can be synchronized directly to SharePoint Online.
Office 365 Exchange online Management Agent
Description following soon.
Office 365 Dynamics online Management Agent
Description following soon.
IBM Maximo Management Agent
Manage Maximo users and groups from within your Identity & Access Management landscape.
Maximo is an asset management solution from IBM which allows your enterprise to manage all your assets with the ability to monitor and report on it. This connector provides integration with Maximo into your IAM solution to manage users and groups driven from your Identity and Access Management solution.
SAP SuccessFactors Management Agent
Feed your IAM solution with HR master data and manage additional profile information from within your Identity & Access Management landscape.
SuccessFactors is a SaaS application owned by SAP. It provides Human Capital Management (HCM) capabilities to and for employees. The bidirectional connector provides support for importing master data (persons, employment, departments, users) into your IAM solution as well as managing profile information (e.g. photo, username, e-mail, phone numbers) back to SuccessFactors, driven from your Identity and Access Management solution.
File Services Management Agent
Description following soon.
Other custom MA’s
We have also built an extensive list of other management agents for specific customer scenarios and can build management tailored for your needs.
Unify
Company website: http: //www.unifysolutions.net/
Identity BrokerTM for FIM Connected Directories
The UNIFY Identity Broker is a service that solves the following issues:
- Connectivity to specific systems for which no MA exists - Identity Broker allows UNIFY to easily develop MAs to any system using its own API.
- Providing a framework of common patterns involved in connecting to sources of identity data, including security models, WCF, SOA, interconnectivity with other platforms, data modeling allowing targeted systems to appear as directories to the identity management platform;
- Complete implementation of all FIM's extensible management agent interfaces, regardless of the capabilities of the target system;
- Password synchronisation ability where target system maintains its own identity store for authentication/authorisation; and
- Real-time capabilities when matched with UNIFY Real-time Broker.
- Audit capture and reporting within Identity Broker
- Single Interface for managing all connected Brokers within the ILM/FIM solution
- GUI management interface for configuration and management, including application schema discovery and mapping
- Installation and configuration wizard including automated generation of ILM/FIM MA
Identity Broker MAs
UNIFY's list of Identity Broker MAs includes (but is not limited to) the following:
- Identity Broker for Microsoft SharePoint;
- Identity Broker for Aurion HRMS (Prevalent Australian Tier 2 HR application);
- Identity Broker for Frontier chris21 (Prevelant Tier 2 HR and Payroll. Clients in APAC and EMEA);
- Identity Broker for Cisco Unified Communications Manager;
- Identity Broker for HP TRIM;
- IBM Tivoli Access Manager (allows ILM/FIM to manage TAM repository);
- Identity Broker for BigHand Digital Dictation;
- Identity Broker for Aderant Expert;
- Identity Broker for LexisNexis InterAction; and
- SAP HR (platform and version independent)
VEMN
Company website: http: //www.vemn.com.ar/ for more information or contact VEMN on email info@vemn.com.ar
Oracle CC&B Management Agent for FIM
Oracle CC&B Management Agent allows identities integration between Forefront Identity Manager (FIM) and CC&B (using Oracle web services).
Custom Management Agent for FIM
VEMN provides solutions integration applications that manage identities information through custom Management Agents.
Zetetic LLC
Company website: http: //zetetic.net/
Salesforce.com MA
Zetetic's Management Agent for Salesforce.com provides:
- User management and synchronization
- Contact, Account, and all other standard and custom Salesforce.com object types
- Fully integrated object type and attribute discovery using ECMA2
- Intelligent delta synchronization and batch updates
- Password synchronization
- Connectivity to multiple Salesforce.com organizations
- Compatible with FIM 2010, FIM 2010 R2, and ILM 2007
For more information on the Salesforce.com MA, please see: http: //zetetic.net/software-salesforce-ma
IBM Lotus Notes and Domino MA
Zetetic's Lotus Notes MA is a drop-in management agent for Notes featuring:
- Custom Objects and types - work with any Notes business database, not just the Address Book
- Advanced User Management - Registration via the Domino Certification Authority and support for Internet-only User accounts
- Multiple Mixed NABs - Superior handling of multi-Address Book environments
- Increased reliability - More robust than the standard Notes MA, because Notes need not be installed on the FIM host
- Broader platform support - Works with both 32 and 64 bit Notes clients
For more information on the Notes MA, please see: http: //zetetic.net/software-notes-ma/
Exchange Public Folders MA
- Provision, read, and update contacts in Exchange Public Folders
- Full coverage of contact details including photo
- Supports Exchange 2003 through 2010 via MAPI and Exchange Web Services