What Is Forefront Identity Manager?

Microsoft Forefront Identity Manager (FIM) 2010 is a powerful set of applications that together form a complete Identity and Access Management (IAM) platform. This platform allows organisations to reduce the ITC cost of managing the user lifecycle through automation of traditionally manual business processes relating to Identity & Access Management.

With a number of new products, and several re-brandings of the suite since Microsoft first acquired the original Synchronization Service technology in 2003 (Read the full history of FIM here), the suite is now comprised of 5 separate products, each providing certain IAM system functionality.

Components of Microsoft Forefront Identity Manager 2010:

FIM Synchronization Service
The FIM Synchronization Service is the workhorse of the FIM 2010 suite. It provides connectivity to external systems through its Management Agents interface, as well as a composite view of identity data in these systems known as the Metaverse. A highly extensible system based on the .NET platform allows for joining identities between systems, managing data flow, password synchronization and user, group & role provisioning.

FIM Service and Portal
Introduced when ILM 2007 was rebranded as FIM 2010, the new FIM Service and Portal provide user self-service, workflow capability and group management, all wrapped within a tight security framework that enables role-based access control. The FIM Portal also provides an alternative mechanism to configure synchronization rules within the Synchronization Service, allowing for codeless provisioning and advanced attribute flows.

FIM Certificate Lifecycle Manager
Introduced with ILM 2007, the FIM Certificate Lifecycle Manager provides the capability to centrally manage smartcards and digital certificates within FIM 2010, thus vastly reducing the cost of deploying multi-factor authentication.

FIM Password Reset Portal
The FIM 2010 R2 Password Reset Portal replaces the previous Self Service Password Reset (SSPR) capability provided in earlier releases of FIM 2010. As a stand-alone, cross-browser compatible website, it gives all users who have registered for SSPR the ability to reset their password. Behind the scenes, it communicates directly with the FIM Service to facilitate the password change in any target systems.

FIM Password Registration Portal
The FIM 2010 R2 Password Registration Portal allows users to enrol for Self-Service Password Reset. This was introduced in FIM 2010 R2 to replace the interactive registration in FIM 2010, which previously only worked for Windows clients attached to the domain. Typically this is used to register Questions and Answers that are used during password recovery in the Password Reset Portal.

BHOLD Suite
Joining the FIM product suite in FIM 2010 R2, BHOLD is an Identity and Access Governance product that adds role and authorization management to FIM 2010. Specifically, BHOLD provides Role Based Access Control (RBAC), Attestation, Analytics and Reporting.

2 comments on “What Is Forefront Identity Manager?”
  1. Marcus Lasance says:

    Is the BHOLD suite free for corporate FIM users?

    Is there a good technical whitepaper on its RBAC support capabilities?

    Thanks for your reply

    • Ross Currie says:

      Hi Marcus,

      Generally speaking, yes, BHOLD suite is included in your license fee for FIM 2010, but you’ll have to consult your Microsoft Licensing partner for specifics to your situation. As for a white paper about its RBAC capabilities… yes, there is. There are also some really good webinars on YouTube and on OCG’s website which cover the capabilities of RBAC too.
