Microsoft BHOLD Core Operations Guide

 

Applies To: Forefront Identity Manager

This operations guide provides administering and managing information for day-to-day operations of Microsoft® BHOLD Core, the principal module of the Microsoft BHOLD Suite Service Pack 1 (SP1). This guide consists of the following sections:

• Introduction to administering Microsoft BHOLD Core provides an overview of BHOLD Core and the objectives that you can achieve by carrying out the tasks described in this guide.

• Administering Microsoft BHOLD Core lays out objectives that you might want to accomplish when administering BHOLD Core and provides detailed tasks and procedures for achieving those objectives.

When to use this guide

Use this guide when:

• You want to manage users’ access to information technology (IT) resources based on the users’ roles (job titles) within the organization.

• You want to manage users’ access based on their position within the organizational hierarchy.

• You want to manage users’ access based on their participation in a cross-organizational project team.

• You want to manage individual users’ access without regard to their job function or group membership.

You can also use this guide to learn how to manage the elements of the BHOLD Core role model, including applications, roles, permissions, organizational units, and users.

This guide assumes a basic understanding of BHOLD Core, how it works, and how your organization uses it in conjunction with Microsoft Forefront Identity Manager (FIM) 2010 or Microsoft Forefront Identity Manager 2010 R2 to manage identities throughout your organization.

This guide contains detailed procedures that are designed for operators (or designated users) who have varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic understanding of how objects in the BHOLD Core role model relate to each other and their purpose.

Important

In a typical deployment of the Microsoft BHOLD Suite, the BHOLD Access Management Connector module will be used to synchronize identity data among BHOLD Core, Forefront Identity Manager, Active Directory Domain Services, and other identity data stores, such as a human relations (HR) database system. As a consequence, in such deployments, you will not normally use the BHOLD Core portal to add users, organizational units, and roles to the BHOLD Core role model. Instead, you will rely on the FIM Synchronization Service to provision the BHOLD Core role model with data entered and maintained in another, authoritative identity data source, such as Active Directory or an HR database.

The information provided in this guide for managing the BHOLD Core role model is intended to be used when the normal synchronization mechanism is not sufficient for accomplishing your objectives, such as when you need to manage access to IT resources by members of a temporary project team.

For information about installing Microsoft BHOLD Suite SP1, see Microsoft BHOLD Suite SP1 Installation Guide.