Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Table of contents
Short URL
Bookmark: https://aka.ms/FIM2010Security
Legend
[link icon] = Link to the other Wiki pages of this guide.
Table of contents
Part 1: Introduction
Purpose & Scope
Purpose
In scope
Out of scope
Document & Naming Conventions
References
FIM vs MIM
Naming conventions
Account types
Generic security principles
References
Threats
Principle of least privilege (PoLP)
Privilege separation
SoD (Segregation of duties) & Account Isolation
4-eyes principle
Number of accounts vs security risk
Additional reading
Part 2: FIM security principles
References
Best practices
Best practices for security
Part 3: Compact Check list
Legend
Pre-installation: Backend configuration
Pre-installation: Account creation
Pre-installation: Account lock down
Post-Installation: Set operational admins
Hotfix installation
Part 4: Detailed Description
Pre-installation: Securing the FIM backend infrastructure
SQL Server
IIS
SharePoint
Pre-installation: Securing FIM/MIM Components
FIM/MIM general
FIM/MIM Setup
FIM/MIM Service
FIM/MIM SSPR – Registration & Reset portals
Management agents
FIM/MIM Certificate Management
FIM/MIM Reporting (SCSM)
BHOLD
Security during Installation
FIM/MIM setup account – functional account
FIM/MIM SSPR – Registration & Reset portals
Post-installation: Securing FIM
FIM/MIM Service
FIM/MIM Portal (SharePoint)
Portal Security
Post-installation: Securing FIM Backend
Portal Security
Part 5: Operational best practices
References
FIM/MIM Default folders
Source code location
Part 6: References & Authoritative resources
Security (General)
FIM/MIM
SQL Server
SharePoint
IIS
Part 7: Additional resources
Security Best practices
FIM/MIM
MIM 2016 Product info
IIS
Part 8: Glossary
Glossary, abbreviations & acronyms
Part 9: Release Schedule
Only available offline
Appendix A: Account overview for FIM basic configuration
Appendix B: Documentation - Compact Check lists
Pre-installation: Backend configuration
Pre-installation: Account creation
Pre-installation: Account lock down
Post-Installation
Hotfix installation
Appendix C: Security Implementation Sign-off sheet
CISO or authorized security delegate
Sign off
FIM Options implemented
Derogations - Exceptions implemented
Download
Download the entire guide at once, in PDF version from Technet Gallery.
This document has some additional content, which is not available online.
Reviewers & Credits
Many thanks to the following people for providing feedback and additional content on the source documentation (see the offline document for download):
- Gill Olsen (Microsoft Premier Field Engineer)
- Laurent Benmeziani (Microsoft Premier Field Engineer)
- Thomas Vuylsteke (Microsoft Premier Field Engineer)
Due to privacy reasons some reviewers have requested to be kept anonymous, but their help is greatly appreciated!
Direct Links
- FIM/MIM: Planning security setup for accounts, groups and services - Table of contents
- FIM/MIM: Planning security setup for accounts, groups and services - Part 1. Introduction
- FIM/MIM: Planning security setup for accounts, groups and services - Part 2. FIM Security principles
- FIM/MIM: Planning security setup for accounts, groups and services - Part 3. Compact Checklist
- FIM/MIM: Planning security setup for accounts, groups and services - Part 4. Detailed Description
- FIM/MIM: Planning security setup for accounts, groups and services - Part 5. Operational Best Practices
- FIM/MIM: Planning security setup for accounts, groups and services - Part 6. References & authoritative resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 7. Additional resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 8. Glossary
- Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Part 9. Release Schedule
- Identity Manager (FIM/MIM): Planning security for accounts, groups and services - Core account type differentiators (Part 10)
Return to Table of Contents of the article series.