How Does Lockout Gate Work

I am back! I haven’t forgotten you all. I was just busying with RTM Update 1 which is now live on Microsoft Update. In Forefront Identity Manager – Credential Management, Part 2, i talked about what Lockout Gate is capable of doing and in the Password Reset Deployment Guide, it mentions if you put the…


Call for Topics

Is there anything in particular that you want to know more? Leave me a message 😛


Self-Service Password Reset to Non-Active Directory System

Background: I often come across two types of questions in both internal and external channels How can I leverage SSPR and reset a password for a non-AD account (e.g. MSSQL, HR or .NET Passport)? How can I implement password filters but do so in FIM instead of AD? For #1, PCNS together with FIM Synchronization…


Custom Credential Provider for Password Reset

The credential provider for Password Reset is fairly simply and straight forward. Since I have joined the team, there is very little code change in that area. Recently, we decided to fix some minor known bug in the credential provider (CP) and I realized I don’t know too much about how CP works. So I …


Forefront Identity Manager – Credential Management, Part 4

This post talks about how client interacts with the server during the course of Self-Service Password Reset Registration and Reset. Majority of the information can be found from either client-side or server-side log. The implementation is subjected to change. If you were to develop a custom SSPR client based on the information below, please make…


Forefront Identity Manager – Credential Management, Part 3

In RC0, setting up Password Reset is a painful process for many of you (including myself). In RC1, we ship FIM with all the MPRs, along with the supporting sets and workflows, you will need for SSPR. Today I am going to talk about why we need each one of them. General: Users can read…


Forefront Identity Manager – Credential Management, Part 2

FIM ships with three Authentication Activities (a.k.a. Authentication Gates) that are used primarily in Self-Service Password Reset (SSPR). Question and Answer GateThis is the most obviously one in SSPR. During registration mode, it prompts the user with a list of pre-defined questions (e.g. What’s your first pet’s name?) The user is required to answer a…


Forefront Identity Manager – Credential Management, Part 1

BackgroundNowadays, for most companies, if an employee forgets his password, very likely he would need to call help desk to reset the password for him. FIM helps enterprise reduce help desk cost by providing “Self-Service Password Reset” (SSPR). Scenario After deployment, employee will be prompted to answer a list of questions (e.g. “What’s the name…