Forefront Identity Manager 2010

Mollie SMS Workflow Activity

By: Oxford Computer Group (BNL)Author(s): Sjef van Leeuwen, Wim van den Heijkant

Document name: Mollie SMS Workflow ManualProduct Version Version: 1.0Release Date: Release Date: 2023-04-09

IntroductionThe Oxford Computer Group Mollie SMS workflow activity for Forefront Identity Manager 2010 allows you to send SMS messages directly from a Forefront Identity Manager workflow. This allows you to build your own workflows that can for example; send a notification SMS to a new user that a new account has been created and is ready for use.

This document describes the prerequisites, installation and some specific configuration examples.

ContentsIntroduction............................................................................................................................2

Prerequisites...........................................................................................................................3

Installation..............................................................................................................................4

SMS Workflow configuration................................................................................................10

Selecting the activity......................................................................................................10

Configuring the Activity.................................................................................................11

Configuration examples........................................................................................................13

New user – Account Name & Password notification.........................................................13

Frequently Asked Questions.................................................................................................18

Prerequisites Your own installation and configuration of Forefront Identity Manager 2010 An account with credit at Mollie

(See https://www.mollie.nl/aanmelden/ for more information, unfortunately website is only in Dutch.)

A network connection from you FIM Service Server to the Mollie URL over port 80 or 443

InstallationBefore you proceed with the installation, please confirm that you have all the prerequisites described above.

To run the installation of the OCG Mollie SMS activity logon with an account that has at least the following permissions:

- Local Administrator on the FIM machine (use run as administrator to start the installer so you bypass the User account control feature)

- Access to your Forefront Identity Management portal with permissions to:o Logon to the FIM portalo Update the FIM schemao Create a new Assembly Activity Information Configuration object

If When you run start the installation you will see the following screenthe following screen will appear:

Please read the end-user license agreement and after accepting it, click ‘Next’.

Enter the FIMServiceBase FIM Service address and click ‘Next’.

Note: In our installation this is localhost, but in your configuration this might be the FQDN of your FIM server of a load balancer that divides the load over multiple FIM servers. When using multiple FIM Servers, do not enter the address of your load balancer, but install the software on each Server Node locally.

If this is the first time the activity is being installed, the installer will generate a free 30 day trail trial license. Please specify a company name for the license and click ‘Export’. This will open a file dialog for saving our your license file.

Note: This feature was added to allow you to start testing and using the OCG Mollie SMS activity strait awayimmediately. It will only workThe license is valid for 30 days from the day that you generated the license. If you have eventuated evaluated the activity and it works as expected please contact sales@oxfordcomputergroup.nl to obtain an additionala production license. Please also note that when you upgrade/reinstall the activity this screen will be skipped, so make sure you keep a copy of the license file.

Save the License file, we will need this later when we configured the workflow. (See chapter configuration examples).

The installation confirmation screen will appear. It shows you which Activities, attribute bindings and management agents are going to be installed. To confirm installation, click ‘Install’.

The FIM service and IIS service need to be restarted for the installation to be completed. You can do this here by checking the `Restart service when setup is completed` check box or you can do this at any point time after the installation manually.

To finalize the installation click ‘Finish’.

SMS Workflow configuration

Selecting the activityAfter installation of the Mollie Sms SMS Activity, the activity will have been registered in your activity information configuration of FIM. You can then easily select it when creating a new work-flow.

Configuring the ActivityAfter selecting the OCG Mollie SMS Activity, you can begin configuring the settings for sending SMS messages over the Mollie SMS HTTP gateway network.

Disable workflowDisables the workflow, this is usefull if you want to test the workflow chain without actually sending a SMS message.

Use ImpersonationIf enabled, the workflow will run under a different actor as specified under Impersonated ActoryId. This is useful if you want to temporary give the activity elevated rights.

Impersonated ActorIdContains the globally unique identifier of the actor under which the activity is executed.

License certificateDuring installation a trial license certificate is generated. You should copy and paste the contents of the “.lic” file into this textbox in order to unlock the SMS Activity functionality.

Mollie URL AttributeThis is a fixed URL, either Http or Https as specified by the Mollie SMS gateway provider. We advise you to always use the secure gateway being: https://secure.mollie.nl/xml/sms

Mollie Username AttributeThis is the user name as provided by Mollie to logon to the SMS gateway.

Mollie Password AttributeThis is the password as provided by Mollie to logon to the SMS gateway.

Originator AttributeThis identifies the sender of the SMS message. This can be a descriptive message, such as “Password Service”.

Originator AttributeThis is a relationship to which attribute in the FIM (person) schema will contain the phone number of the recipient. In this example we used the standard “MobileNumber” attribute binding on the Person resource type.

Message AttributeThis is a relationship to which attribute in the FIM (person) schema will contain the SMS message to be sent to the recipient. The Mollie installer creates a default Text attribute binding “OcgBnlSmsMessage” for you, extending the Person resource type. We advise you to use this attribute binding.

Configuration examplesThis chapter discusses a couple of ways in which the OCG Mollie SMS workflow can be used to benefit your FIM installation. Please note; the way you use this activity is up to you, these are just examples.

New user – Account Name & Password notification

Scenario descriptionThis scenario describes how the OCG Mollie SMS workflows activity is used to notify a user that an account has been provisioned and tell him what username and password he should use. In our scenario the following steps are taken:

Mollie

CONNECTOR SPACE(CS)

MA

Active Directory

METAVERSE(MV)

FIM Portal Database

MA

HR Application(Or other Identity Source)

MA

01

03

04

02

05

1. A new user is created. In the FIM Portal, your HR system or any other authoritative source.(If the user was created outside of FIM Portal the new user is fisted first synchronized into the FIM portal database.)

2. A workflow within the FIM portal generates an initial password for the new user as stores it in an initial password attribute on the user object.

3. The Forefront Identity manager synchronization process takes the new user and creates an AD user account for this new user. Using the initial password created in the FIM portal.

4. When the user account is created in Active directory the ObjectSID of the user is synchronized back to the FIM portal.

5. A workflow with the OCG Mollie SMS activity is triggered to notify the user that the account is created and that he can now start using his newly created account.

AssumptionsThis scenario description has the following assumptions:

1. We assume that you have already installed the activity as described in the chapter: “Installation”

[2.] We will only explain who how to configure step 5 of this process to learn how to configure step 1 t/m 4 please refer to Microsoft’s online documentation1

2.[3.] The password generated in step 2 is stored an attribute called ‘InitPWD’ 3.[4.] The username of the user is stored in the ‘AccountName’ attribute 4.[5.] The users mobile phone number (where we send the SMS message to) is stored in

the ‘MobilePhone’ attribute

ConfigurationTo configure step 5 we need the following components:

1. A workflow that will built the SMS message & Send the SMS message to the end user

2. A management policy rule that will ensure that the workflow is triggered when the new users ObjectSID attribute is updated.

The first thing we need to do is create a new workflow. Select workflows and click new:

1 http://technet.microsoft.com/en-us/library/ee621259(v=ws.10).aspx

Specify a name, select workflow type action and click ‘next’

From the Activity Picker select the ‘Function Evaluator’

Now enter a name for this activity for example: ‘Built the SMS Message’ and Select the destination. Which in our case is ‘[//Target/OcgBnlSMSMessage]’. Now we can start building the message by concatenating strings with other values like DisplayName, AccountName and InitPWD.

In our example we start with: String of ‘Dear ’ The value of DisplayNameSting of ‘, Welcome to Oxford Computer Group. Your account is now ready for use. You can logon to your computer with username:’ The value of AccountnameString of ‘ and password: ’The value of InitPWDString of ‘ Kind regards, IT Servicedesk’

Click ‘Save’.

The resulting text message forDisplayName Erik Plenter Accountname ErikPInitPWD Oxford901!

Would be:Dear Erik Plenter, Welcome to Oxford Computer Group. Your account is now ready for use. You can logon to your computer with username: ErikP and password: Oxford901! Kind regards, IT Servicedesk

This value is written to the OcgBnlSMSMessage Attribute.

Now that we have the sms SMS message content setup we can configure the actual sending of the SMS. Click Add Activity and select the ‘OCG Mollie SMS Activity’ and click ‘Select’.

Frequently Asked QuestionsThis chapter was added to answer the most frequently asked questions. If you question is not answered in this chapter please contact Sales@oxfordcomputergroup.nl for assistance.

Who How do I setup the correct portal permissions to install the OCG Mollie SMS activity?When you configure a workflow within FIM you need to select an activity in the activity pickier:

These activities are registered within the FIM service database as ‘activity information configuration’ objects. During the installation of the Mollie SMS workflow activity the account that you use to do the installation will attempt to add the ‘activity information configuration’ (AIC) object required for you. But of course you do need to have enough permissions to actually create this AIC object within the portal.

If you have FIM R2 installed or FIM with at least update 1(Build 4.0.3531.2 - KB978864) installed being a member of the ‘Administrators’ set is enough to allow you to create the AIC objects. The default management policy rule ‘Administration: Administrators control configuration related resources’ will allow you to create AIC objects and no further action is required.

But iIf your FIM configuration is still RTM built (Build 4.0.2592.0) or even RC1 then you will have to manually set the correct permissions. There is an error in the default management policy rule that doesn’t allow you to create AIC objects that are of the type ‘Action’. To fix this error open up the ‘Administration: Administrators control configuration related resources’ management policy rule and go to the ‘Target Resources’. In the Select specific attributes click brows and ensure that the IsActionActivity attribute is selected.

Who How do I know exactly what FIM Service version I’m running?To find out which version of the FIM service you have go to: “…\Program Files\Microsoft Forefront Identity Manager\2010\Service” and open the properties of the ‘Microsoft.ResourceManagement.dll’.

Who How do I create an account with Mollie?For sending SMS messages we need an account at Mollie, the SMS gateway we use.

Below you can see screenshots of the steps needed, it is fairly straight forward so only a small description is added to the screenshots.

Registrations please fills in all the forms, read the policies and proceed.

After this you will receive an email that explains how to activate your account.

Once activated, you can login and you will be presented with this screen, here you can track all statistics and manage your account.

At the right of the screen you can see how much credits are left for sending messages, the button below it is used to buy more credits.

After clicking on the button ‘Opwaarderen’ you will see this screen., wHhere you can insert any amount of credits you would like to buy, the minimum is 100.

The button next to it will calculate the price and show payment options like shown below.

When using iDEAL or a credit card, credits are immediately available on your account., with When using bank transfer it can take up to 4 days.

After you have finished the payment and the credits are available, your account is ready to be used with the FIM Mollie SMS Activity.