The Last FIM Metaverse Extension You Will Ever Need

The third tool in the “The Last of” series is really another option for codeless provisioning (with out having to go to the FIM Service/Portal).  The Last FIM Metaverse Extension You Will Ever Need takes advantage of the configuration of a special MA to determine the initial flows needed to provision a new object.  This is done in two parts.  Here’s how it works. 

The Provisioning Management Agent
You will need to create an MA a special MA of type “Provisioning Management Agent (Insight)”.  This is an ECMA that inspects the configuration of the FIM Synch engine, allowing you to use the UI to define the provisioning rules for the other MAs in the environment.  You will not create run profiles for this MA, it will never be executed in that manner.

First, make sure you install the packaged Provisioning MA and the Insight.FIM.CodelessProvisioning.dll from http://fimmv.codeplex.com. Now, when configuring the MA, the first thing you will need to do (after giving it a name) will be to use the Connectivity tab to enable provisioning.  You can do this by MA and by MA object type.  One nice thing about this set-up, you can selectively turn on and off provisioning with out having to change any of the flow rules defined.  In this example, I have two MAs, the HR MA with one object type of person and a CRM MA with two types, person and group:

I have enabled provisioning for person objects in the HR MA and then clicked Next. Then, I clicked Next on the Configure Partitions and Hierarchies tab, we will be using the default values.

On the Object Types tab, you will see a list of Management Agents.  In essence, what this page is asking you is which MAs you want to define provisioning rules for.  At a minimum you will want to select the MAs that have at least item selected from the Connection tab. In this case I am going to define provisioning rules for the HR MA, which I have enabled for provisioning.  Additionally, I could define rules for the CRM MA if I plan on enabling it at some point in the future:

On the next tab, you will want to select the attributes that you are going to define initial flows for.  At a minimum you will need to check the attribute “Anchor”.  I have selected a few of the basic attributes I want to set during provisioning:

Next is the Anchors tab, leave the default values (Anchor attribute = Anchor) and click Next.

You should now be on the Configure Connector Filter tab, the provisioning code currently does not use this tab, but that could be a useful enhancement in the future.  Leave the filters blank and click Next.

Ditto with the Join and Project Rules, these won’t be used, leave them blank and click Next.

Now comes the interesting tab.  On the Attribute Flow section, define the flows that you want as your initial flows as Export flows for the MA and object type.  For example, if I want the ID, DisplayName, Email, FirstName and LastName set on a new HR MA person when the object is provisioned, I will define an Export flows for each of those:

Currently, only direct and constant flows are supported.  Although I am working on adding Advanced flows via the same mechanism as The Last FIM Management Agent Rules Extension You Will Ever Need in which the C# code that defines the advanced flow is placed directly in the Flow rule name.  Click Next when done defining the flow rules.

Click Next through the Deprovisioning and Extensions tab (you may need to provide a dll for the Rules extension name, you can simply use the Insight.FIM.CodelessProvisioning.dll).    That’s it!  You should now see your new Provisioning MA in the Sync client.  Don’t create more than one of these, currently only the first Provisioning MA found will be used.

Unfortunately, should you rename one of the MAs configured, you will need to update the schema of the Provisioning MA and then redefine the flow rules.

The Metaverse Extension
Okay, now all you need to do get this working is set the Metaverse Rules Extension to use Insight.FIM.CodelessProvisioning.dll and enable it:

Here’s what happens next.  When the provisioning code runs, it will go and look for a Provisioning MA.  It will then transverse the configuration of the MA to determine which objects to create and which flows to apply.  In this example, the provisioning code will see that I need to provision a new HR MA object of type person and set the ID, DisplayName, Email, FirstName and LastName on the object using the flow rules I defined.

Its an interesting concept and provides a well known UI to set up codeless provisioning without the overhead of the FIM Service. 

Let me know what you think!

The Last FIM Management Agent Rules Extension You Will Ever Need

For the next in the Last FIM series, I extended the concept introduced in The Last FIM Workflow You Will Ever Need to the Synchronization Engine.  In this case, this Management Agent Extension will take the Attribute Flow Name provided, compile it and run it like code.  So as an example, if you were creating an import flow to displayName and wanted to calculate it by concatenating  firstName + " " + lastName from the connector space, you could do the following as the Flow rule name: mventry[“displayName”].Value = csentry[“FirstName”].Value + " " + csentry[“LastName”].Value:

In order to make this work, download and install the CodePlex project from http://fimma.codeplex.com, then reference the Insight.FIM.CodelessSync.dll on the MA Extensions tab:

A few things to note, currently the code that you can place in the Flow rule name is limited to a single line, so only fairly simple calculations can be performed, but it may keep you from having to go to the Portal for "codeless" sync rules.  Only C# syntax is currently accepted, although a VB version could be written.  There may also be some value in writing a version that uses its own simplified syntax.  Only reference the .Value property of any mventry or csentry attribute.  The extension will inspect the data type to determine how to handle it from there.  Also, this can be nicely combined with an existing MA Extension code you might have, simply use it as your default call on your switch statement for import or export flow code:

public void MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)        {            switch (FlowRuleName)            {                case "existingFlowName":                    //existing code                    break;                default:                    runCommand(FlowRuleName, mventry, csentry, "mventry");                    break;            }                   }

The extension is fairly new, so may still need some tweaking, but I wanted to get it out to the community for your feedback and contributions.  Let me know what you think!

Also, be on the watch for the next in the Last FIM series, The Last FIM Metaverse Extension You Will Ever Need.

The Last FIM Workflow You Will Ever Need, Part 2

A year ago I introduced the idea of a FIM Workflow that would allow you to use the UI to write the code that you wanted executed at run time. Since then I have updated the workflow to allow you to also specify additional references and using/import statements. 

I also got approval to upload the project to CodePlex so that you can have access to it.  Check it out at http://fimwf.codeplex.com and let me know what you think!

Be on the lookout for the next item in Last FIM series,the Last FIM Management Agent Rules Extension You Will Ever Need.