FIM2010–Defining and Documentation of Management Policy Rules (MPRs)

Well, here is the new year full of promise and excitement for everyone as we continue to trek down into the realm of Identity Management with all of the technical and political issues that become challenges.

I start this year back on a client site mapping a variety of different MPR’s back to their source to resolve some unexpected behaviour. As I go down into the issue, I start to think about my last couple engagements where the use of a simple state diagram or flow chart helped map out what MPR’s are expected to be used in the different transitions of a user’s account creation.

I’m starting to think that this model is quite handy in being able to define and communicate the concepts to the clients. I have a starting state of “new user added” and then all the MPRs which are required to get it to the steady state of “user provisioned”. If you can define states, you can most certainly identify the MPRs that got you from the initial state to the next state (and there can be a variety of different states here including – new user added, user login ID defined, AD attribute requirements completed, user provisioned, etc). The states are simply the milestones by which another event may occur within the environment (whether by MPRs themselves or an external process such as human interaction).

All in all, it doesn’t really matter how you document the MPR’s in the enviroment, the state diagram is only an example which helps my clients understand where different MPRs are used. What does matter is that you clearly map and define what your MPRs are doing so that there is an effective means of being able to troubleshoot and compare the expected MPRs that fire for a given event versus the actual list of MPRs that fired.

Advertisements
This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s