Microsoft Forefront Identity Manager 2010 (FIM) administrators create workflows using one or more activities; these activities can be out-of-box activities that are included in the Microsoft.ResourceManagement.dll assembly, or they can be custom activities. Administrators can then specify when those workflows will be run by associating those workflows with events using Management Policy Rules. (For more information, see Management Policy in FIM.)
Developers can create custom activities and workflows in Microsoft Visual Studio 2008 that can be used in the FIM Service. Custom workflows can include a combination of out-of-box FIM activities, custom activities, or Windows Workflow Foundation (WF) activities. Using Windows Workflow Foundation, you can develop a custom authentication, authorization, or action workflow activity to use in FIM.
To develop custom workflows and activities for FIM, you must know about the FIM request processing model and how to develop workflows and activities for WF. To get started, see the guidance that is provided in the FIM Request Processing overview and Windows Workflow Foundation Programming Guide. For guidelines for creating custom activities and workflows, see Developing Custom Activities and Workflows. For an example of creating a custom activity and using that activity in FIM, see How to: Create a Custom Logging Activity.
Custom Authentication Activities
With FIM, you can modify a Credential plug-in (also known as the gate framework) so that you can create your own authentication gate. For example, you could create a custom authentication gate that requires that a user insert a smart card or provide an RSA key. You would also have to create a custom authentication activity for FIM that would interact with the Credential plug-in. Developer guidance for using the gate framework with FIM is currently not available.
Custom Authorization Activities
The following are some example activities that you can implement using a custom authorization activity.
- Custom approval activity that has a different time interval for the original set of approvers and escalation approvers.
- Custom approval activity that has more than two levels of escalation.
- Custom approval activity that calculates escalation approvers based on information in the FIM Service database at the time that the escalation occurs.
- Custom activity to validate user input. For example, you could require the user to enter an ExpirationTime for a group that is after today, and no more than a year from now.
- Custom activity to verify that a potential employeeID value does not already exist in the FIM Service database or another connected system, such as Active Directory Domain Services (AD DS).
- Custom activity to run any PowerShell script.
- Activity to log the information about the Request object and the WorkflowDictionary that is associated with the workflow into a file. For more information, see SequentialWorkflow.
We do not recommend updating resources in the FIM Service database in the authorization phase of Request Processing.
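The ExpirationTime validation listed above could be written as a Windows Workflow Foundation 3.5 activity along the following lines; this is an added example, not code from the FIM documentation or from Microsoft.ResourceManagement.dll. The class name, the bound ExpirationTime property, and the Check helper are hypothetical, and the example assumes that the workflow author binds the property to the value submitted in the request, that values without a time zone are UTC, and that a faulted authorization workflow causes the request to be rejected.

```csharp
using System;
using System.Workflow.ComponentModel;

// Hypothetical activity name; not part of Microsoft.ResourceManagement.dll.
public class ValidateExpirationTimeActivity : Activity
{
    // Assumption: the workflow author binds this property to the ExpirationTime
    // value submitted in the request (reading it from the FIM Request is not shown).
    public static readonly DependencyProperty ExpirationTimeProperty =
        DependencyProperty.Register("ExpirationTime", typeof(DateTime?),
            typeof(ValidateExpirationTimeActivity));

    public DateTime? ExpirationTime
    {
        get { return (DateTime?)GetValue(ExpirationTimeProperty); }
        set { SetValue(ExpirationTimeProperty, value); }
    }

    // Pure check, kept separate so it can be unit tested without a workflow runtime.
    // Returns null when the value is acceptable, otherwise the reason for rejection.
    public static string Check(DateTime? expiration, DateTime utcNow)
    {
        if (!expiration.HasValue)
            return "ExpirationTime is required.";

        // Assumption: a value with no time zone is already UTC. Without this step,
        // ToUniversalTime() would treat it as local time and shift the window.
        DateTime value = expiration.Value.Kind == DateTimeKind.Unspecified
            ? DateTime.SpecifyKind(expiration.Value, DateTimeKind.Utc)
            : expiration.Value.ToUniversalTime();

        DateTime startOfTomorrow = utcNow.Date.AddDays(1); // "after today", in UTC
        DateTime latest = utcNow.AddYears(1);              // Feb 29 maps to Feb 28

        if (value < startOfTomorrow)
            return "ExpirationTime must be after today.";
        if (value > latest)
            return "ExpirationTime must be no more than a year from now.";
        return null;
    }

    protected override ActivityExecutionStatus Execute(ActivityExecutionContext context)
    {
        string error = Check(ExpirationTime, DateTime.UtcNow);
        if (error != null)
        {
            // Fail closed: an unhandled exception faults the workflow instance.
            throw new InvalidOperationException(error);
        }
        return ActivityExecutionStatus.Closed;
    }
}
```

The activity only reads its input and never writes to the FIM Service database, which keeps it in line with the recommendation above for the authorization phase.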
Custom Action Activities
The following are some examples of activities that you can implement using a custom action activity:
- Activity that runs FIM Synchronization Service run profiles from a FIM workflow.
- Activity to send information to a remote system that is not connected through a FIM management agent.
- Custom activity to run any PowerShell script. For example, the activity could run a script to connect to the file server that is specified for a new user, create a home-share for the user, and set share and NTFS permissions on the share that is created.
- Custom activity to generate an ExpirationTime for a Group resource.
Remarks
To create a FIM custom workflow, you must have the Microsoft .NET Framework 3.5 and Visual Studio 2008 installed.
Note: For custom activities to load correctly and appear in the Workflow Designer in the FIM Portal, they must be signed. For more information, see How to: Sign an Assembly with a Strong Name.