Share via


Display Name Validation Activity - A Custom ILM2 Authorization Activity

I have tried in a few of my posts regarding the Microsoft Identity Lifecycle Manager "2" request processing model to emphasize that the Authorization (AuthZ) phase can be used for more than just seeking another person's approval for a specific request.  ILM2 will ship with some additional validation activities to be used inside this phase of processing; however, I anticipate that enterprises may want to write their own custom validation logic.  To help out I am making available a 40 minute video where I walk you through writing a custom activity to be used in the AuthZ phase to perform additional validation on a resource's DisplayName attribute before allowing the request to be processed.

In what I call the DisplayNameValidatorActivity, I have created an activity that allows administrators to configure ILM2 workflow definitions to check the DisplayName attribute for the presence of a list of illegal words.  Both the set of illegal words and the delimiters used to define a word are configurable to allow the behavior of the activity to grow without requiring recompiling and deployment.

After implementing the actual activity code, I continue to walk you through writing the code required to expose this activity through the ILM2 portal's workflow designer.  I then walk you through the actual deployment of this new activity to an ILM2 web service.  Finally, I use the ILM2 web portal to create a workflow definition including my new activity, connect it to an ManagementPolicyRule, and trigger the execution of the workflow - showing both a case where the activity denies the request and a case where the activity allows the request.

The concepts used in this activity will allow developers to understand how to create custom activities to be used within an ILM2 deployment for doing complex inspection of a request's content to determine whether or not that request should be allowed.  As always, enjoy...

Video Length : ~40 minutes

Comments