Channel: Microsoft Identity Manager forum

Enabling FIM Portal Access for a Regular AD User Account

 Experts Corner Article

 

To be able to access the FIM portal as a regular user, the following MUST be true:

·        The user has an AD user account

·        The attributes “Domain”, “AccountName” and “ObjectSID” of that AD user account must be populated in the FIM Portal, synchronized by the FIM Sync Engine

·        The correct permissions have been configured for the AD user account in the FIM Portal (see more below)

 

The permissions that allow portal access for regular users are configured through additional checkboxes that appear during the installation of the FIM Portal:

·        Grant Authenticated Users access to the FIM Portal Site (must be checked if you want to allow access to the FIM Portal)

·        Grant Authenticated Users access to the FIM Password Reset Site (must be checked if you want to allow access to the FIM Password Portal)

 

In addition to all of this, you as an administrator need to enable a few MPRs (Management Policy Rules) that are disabled by default. I’m talking about the following MPRs:

·        “General: Users can read non-administrative configuration resources”

·        “User management: Users can read attributes of their own”

You can check the MPRs in the FIM Portal, or you can use this PowerShell script to do that for you.

This is for simple plain FIM Portal access. If you want to allow a user to do more, you need to create and/or enable additional MPRs.
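The following read-only check covers both the two MPRs and the three user attributes listed above. It is an added example, not the script the article refers to, and it assumes the FIMAutomation snap-in on the FIM Service server, the default local service endpoint, and a placeholder account name.

```powershell
# Added example: read-only check of the portal-access prerequisites.
# Assumptions: FIMAutomation snap-in is installed, $Uri is the default
# local FIM Service endpoint, and 'jdoe' is a placeholder account name.
param(
    [string]$Uri = 'http://localhost:5725/ResourceManagementService',
    [string]$AccountName = 'jdoe'
)

if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}

# Return the (first) value of a named attribute from an exported FIM object.
function Get-FimAttribute($ExportObject, [string]$Name) {
    $attr = $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }
    if (-not $attr) { return $null }
    if ($attr.IsMultiValue) { return $attr.Values[0] }
    return $attr.Value
}

# 1. The two MPRs named in the article must exist and must not be disabled.
$mprNames = @(
    'General: Users can read non-administrative configuration resources',
    'User management: Users can read attributes of their own'
)
foreach ($name in $mprNames) {
    $mpr = Export-FIMConfig -Uri $Uri -OnlyBaseResources `
        -CustomConfig "/ManagementPolicyRule[DisplayName='$name']" |
        Select-Object -First 1
    if (-not $mpr) { Write-Warning "MPR not found: $name"; continue }
    $disabled = "$(Get-FimAttribute $mpr 'Disabled')" -eq 'True'
    $state = if ($disabled) { 'DISABLED' } else { 'enabled' }
    Write-Output ("{0,-9} {1}" -f $state, $name)
}

# 2. The user's portal object must carry Domain, AccountName and ObjectSID.
$person = Export-FIMConfig -Uri $Uri -OnlyBaseResources `
    -CustomConfig "/Person[AccountName='$AccountName']" |
    Select-Object -First 1
if (-not $person) {
    Write-Warning "No Person resource with AccountName '$AccountName'"
} else {
    foreach ($attrName in 'Domain', 'AccountName', 'ObjectSID') {
        $present = [bool](Get-FimAttribute $person $attrName)
        Write-Output ("{0,-12} populated: {1}" -f $attrName, $present)
    }
}
```

The script only reads configuration, so it can be rerun after each change to confirm that nothing beyond the two MPRs was enabled.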

 


 


Jorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator] [Sr. Technical Consultant @ Oxford Computer Group] (http://blogs.dirteam.com/blogs/jorge/default.aspx) (http://www.oxfordcomputergroup.com/)
