How to Configure ENTSSO for ILM Password Sync
After configuring the XML file and FIM 2007, the remaining configuration steps take place in the Enterprise Single Sign-On (ENTSSO) system. Follow these steps to allow Password Sync from FIM 2007.
In Enterprise Single Sign-On, click the Servers node.
Right-click the appropriate server, and click Properties.
Click the Password Sync tab.
Select Allow password sync from FIM 2007.
Click OK.
To enable Password Sync on the system level
In Enterprise Single Sign-On, right-click the System node.
Click Properties.
The Properties dialog box appears.
Click the Options tab.
In the Enable Password Sync field, select From Windows to Adapters.
Additional Configuration
Finally, you must configure one of the following:
A Password Sync Adapter that accepts Windows Password Sync.
Direct Password Sync enabled on at least one application.
For information about how to do this, refer to your Password Sync documentation.
To configure the EntSSO MA for FIM 2007 Password Sync
On the ENTSSO Management Agent Properties page, click Configure Extensions.
In the Connection information for password extension field, click Settings.
In the Connect To field, enter the name of the computer that will receive the password changes.
The computer name must be in the same format that was used when creating the Service Principal Name (SPN) for the ENTSSO service on the domain.
For example:
Short format: if the SPN is ENTSSO/ABCD1411, enter ABCD1411
Long format: if the SPN is ENTSSO/ABCD1411.CompanyName.com, enter ABCD1411.CompanyName.com
Additional Configuration Steps
Click Start, point to All Programs, point to Microsoft Identity Integration Server, and then click Identity Manager.
On the Tools menu, click Options.
Select Enable Password Synchronization.
In the Management Agents view, select ADMA.
In the Action pane, select Properties.
On the Properties page, select Configure Directory Partitions, and then select Enable this partition as a password synchronization source.
Click Targets, and then select ENTSSOMA2 to enable it to receive password changes from FIM 2007. Deselect ENTSSOMA. Click OK, and then click OK again.
In the Management Agents view, select ENTSSOMA2. In the right-hand pane, select Properties. On the Properties page, click Configure Extensions.
Confirm that Enable password management is selected, and then click Settings.
In the Connection Settings dialog, specify the following:
Connect To: INTSVR1.fabrikam.com
User: fabrikam\ssosvcact
Password: ssosvcact
Note: This account should match the ENTSSO service account configured on INTSVR1.fabrikam.com.
Click OK, and then click OK again.
You can also disable password sync for FIM 2007. To do this, in Identity Manager, click the Tools menu, click Options, and then deselect Enable Password Synchronization.
The following restrictions apply:
For Password Sync to function properly, an SPN must be configured on the ENTSSO service account that the ENTSSO Management Agent will communicate with.
Communication between FIM 2007 and the ENTSSO server requires Kerberos.
When configuring Password Extension in the FIM 2007 connection configuration for the ENTSSO Management Agent, the account specified must match the service account for the ENTSSO server that will receive passwords from FIM 2007.
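The SPN and service account restrictions above can be checked before testing Password Sync. The following PowerShell is an added example, not part of the original page or of Microsoft's tooling: Test-EntSsoSpn is a hypothetical helper name, and it assumes a domain-joined computer, read access to the directory, and that the service account is in the current domain.

```powershell
# Added example. Test-EntSsoSpn is a hypothetical helper, not a product cmdlet.
# Assumes the ENTSSO service account lives in the current domain.
function Test-EntSsoSpn {
    param(
        [Parameter(Mandatory)] [string] $ConnectTo,      # value entered in the Connect To field
        [Parameter(Mandatory)] [string] $ServiceAccount  # sAMAccountName of the ENTSSO service account
    )
    # Accept host-name characters only, so the value is safe inside an LDAP filter.
    if ($ConnectTo -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$') {
        throw "Connect To value '$ConnectTo' is not a valid host name."
    }
    # Returns the sAMAccountName of every object whose SPN matches the filter value.
    $findOwners = {
        param($spnFilter)
        $searcher = [adsisearcher]"(servicePrincipalName=$spnFilter)"
        [void]$searcher.PropertiesToLoad.Add('samaccountname')
        $searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] }
    }
    $spn    = "ENTSSO/$ConnectTo"
    $owners = @(& $findOwners $spn)

    if ($owners.Count -eq 0) {
        # Look for the same host registered in the other (short or long) format.
        $short = $ConnectTo.Split('.')[0]
        $other = if ($ConnectTo.Contains('.')) { "ENTSSO/$short" } else { "ENTSSO/${short}.*" }
        $status = if (@(& $findOwners $other).Count -gt 0) { 'FormatMismatch' } else { 'SpnMissing' }
    }
    elseif ($owners.Count -gt 1)            { $status = 'DuplicateSpn' }  # Kerberos needs one owner
    elseif ($owners[0] -ne $ServiceAccount) { $status = 'WrongAccount' }  # SPN is on another account
    else                                    { $status = 'Ok' }

    [pscustomobject]@{ Spn = $spn; Owners = $owners; Status = $status }
}

# Values taken from the connection settings shown on this page.
Test-EntSsoSpn -ConnectTo 'INTSVR1.fabrikam.com' -ServiceAccount 'ssosvcact'
```

A Status of FormatMismatch means the host is registered under the other name format, so the Connect To value should be changed to match the SPN as registered.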