FIM2010-Handy Navigation Bar Resources

I was poking around through the system and talking to a friend who used to do a lot of Sharepoint in a previous life and he gave me a couple interesting tidbits that I thought interesting to share.

“Sign in as another user” Navigation Bar Resource

This is probably one of the handiest things for many clients I’ve dealt with. This navbar item prompts the user to add alternate credentials so that they can log into a portal under a different name. This is really handy in cases where the user may regular user accounts and administrative account to comply with proper separation of duty (SOD) tasks.

The settings for this navigation bar resource are:

DisplayName: Log in as another user
Usage Keywords: BasicUI
Parent Order: 90
Order: 0
Navigation URL: ~/IdentityManagement/_layouts/AccessDenied.aspx?loginasanotheruser=true

“Sign Out Current User” Navigation Bar Resource

This one goes hand in hand with the one above. The administrative user should actively log out of their session so that if their system is accidently left open, the administrative account is no longer available. (Note that the unauthorized user could start a browser and would get the users regular portal access which would most likely be no different than their own).

The settings for this navigation bar resource are:

DisplayName: Sign Out
Usage Keywords: AdminUI
Parent Order: 91
Order: 0
Navigation URL: ~/IdentityManagement/_layouts/signout.aspx

Note that many of the settings here are customizable such as the parent order and usage keywords. I have the parent order set such that the “Log in as another user” and “Sign Out” links are at the bottom of the navigation bar and both are headers (Order = 0).

The usage keywords are set such that the “BasicUI” are granted to all users who are accessing the FIM Portal. The custom “AdminUI” keyword has been set up to allow for anyone who is in defined administrative sets to see it. It made no sense to have a signout link for regular user accounts when simply reopening a browser will log them back in again.

This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s