Custom Activities and Workflows

Microsoft Forefront Identity Manager 2010 (FIM) administrators create workflows using one or more activities; these activities can be out-of-box activities that are included in the Microsoft.ResourceManagement.dll assembly, or they can be custom activities. Administrators can then specify when those workflows will be run by associating those workflows with events using Management Policy Rules. (For more information, see Management Policy in FIM.)

Developers can create custom activities and workflows in Microsoft Visual Studio 2008 that can be used in the FIM Service. Custom workflows can include a combination of out-of-box FIM activities, custom activities, or Windows Workflow Foundation (WF) activities. Using Windows Workflow Foundation, you can develop a custom authentication, authorization, or action workflow activity to use in FIM.

To develop custom workflows and activities for FIM, you must know about the FIM request processing model and how to develop workflows and activities for WF. To get started, see the guidance that is provided in the FIM Request Processing overview and Windows Workflow Foundation Programming Guide. For guidelines for creating custom activities and workflows, see Developing Custom Activities and Workflows. For an example of creating a custom activity and using that activity in FIM, see Walkthrough: Create a Logging Custom Activity and Deploy it to the FIM Portal.

Custom Authentication Activities

With FIM, you can modify a Credential plug-in (also known as the gate framework) so that you can create your own authentication gate. For example, you could create a custom authentication gate that requires that a user insert a smart card or provide an RSA key. You would also have to create a custom authentication activity for FIM that would interact with the Credential plug-in. Developer guidance for using the gate framework with FIM is currently not available.

Custom Authorization Activities

The following are some example activities that you can implement using a custom authorization activity.

  • Custom approval activity that has a different time interval for the original set of approvers and escalation approvers.

  • Custom approval activity that has more than two levels of escalation.

  • Custom approval activity that calculates escalation approvers based on information in the FIM Service database at the time that the escalation occurs.

  • Custom activity to validate user input. For example, you could require the user to enter an ExpirationTime for a group that is after today, and no more than a year from now.

  • Custom activity to verify that a potential employeeID value does not already exist in the FIM Service database or another connected system, such as Active Directory Domain Services (AD DS).

  • Custom activity to run any PowerShell script.

We do not recommend updating resources in the FIM Service database in the authorization phase of Request Processing.
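The ExpirationTime rule from the input-validation item above, as an added example that is not code from the FIM documentation or SDK. It contains only the check itself, written for .NET 3.5. The names ExpirationWindow, ExpirationCheck and Validate and the wire format are assumptions; a custom authorization activity would call Validate with the requested value and fail the request on any result other than Ok.

```csharp
using System;
using System.Globalization;

// Hypothetical result type: lets the calling activity log why a value was refused.
public enum ExpirationCheck { Ok, Malformed, NotInFuture, TooFarAhead }

public static class ExpirationWindow
{
    // Assumed wire format. Accepting exactly one culture-invariant format
    // avoids day/month ambiguity and locale-dependent parsing on the server.
    private const string WireFormat = "yyyy-MM-dd'T'HH:mm:ss.fff";

    // utcNow is passed in so the rule can be tested with a fixed clock.
    public static ExpirationCheck Validate(string raw, DateTime utcNow)
    {
        DateTime expires;
        bool parsed = DateTime.TryParseExact(
            raw, WireFormat, CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
            out expires);
        if (!parsed) return ExpirationCheck.Malformed;   // null, empty, wrong shape

        // "After today": any time on the current UTC date is refused.
        if (expires.Date <= utcNow.Date) return ExpirationCheck.NotInFuture;

        // "No more than a year from now": AddYears handles 29 February
        // by clamping to 28 February of the following year.
        if (expires > utcNow.AddYears(1)) return ExpirationCheck.TooFarAhead;

        return ExpirationCheck.Ok;
    }

    public static void Main()
    {
        // Constructed clock and sample inputs, chosen to hit each branch.
        DateTime now = new DateTime(2024, 2, 29, 15, 0, 0, DateTimeKind.Utc);
        string[] samples = {
            "2024-03-15T00:00:00.000",   // inside the window
            "2024-02-29T23:59:59.000",   // later today
            "2025-03-01T00:00:00.000",   // more than a year ahead
            "03/15/2024",                // not the accepted format
            ""                           // empty input
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-26} {1}", s, Validate(s, now));
    }
}
```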

Custom Action Activities

The following are some examples of activities that you can implement using a custom action activity:

  • Activity that runs FIM Synchronization Service run profiles from a FIM workflow.

  • Activity to send information to a remote system that is not connected through a FIM management agent.

  • Custom activity to run any PowerShell script. For example, the activity could run a script to connect to the file server that is specified for a new user, create a home-share for the user, and set share and NTFS permissions on the share that is created.

  • Custom activity to generate an ExpirationTime for a Group resource.

  • Activity to log the information about the Request object and the WorkflowDictionary that is associated with the workflow into a file. For a code example that implements this action activity, see Walkthrough: Create a Logging Custom Activity and Deploy it to the FIM Portal.

Remarks

Warning

When developing custom activities or workflows you must ensure that you are using .NET 3.5. The FIMService will only work with .NET 3.5. The default option in Visual Studio 2010 is .NET Framework 4. The default option in Visual Studio 2012 is .NET Framework 4.5.

To create a FIM custom workflow, you must have the Microsoft .NET Framework 3.5 and Visual Studio 2008 installed.

Note

For custom activities to load correctly and appear in the Workflow Designer in the FIM Portal, they must be signed. For more information, see How to: Sign an Assembly with a Strong Name.

Warning

If you receive an error message that states, "Workflow Manager could not deserialize XOML definition", remember to rebuild your workflow activities using the new FIM DLLs. This issue can occur if you have updated the FIM binaries but have not rebuilt your workflow activities using the new DLLs.

See Also

Concepts

Walkthrough: Create a Logging Custom Activity and Deploy it to the FIM Portal
Developing Custom Activities and Workflows
How to: Create a Custom Activity Library
Rendering Custom Activities in the FIM Portal

Other Resources

Using Forefront Identity Manager