Is this scenario possible with FIM: new user enters their information into portal over the internet and is not added/active in AD until approved by existing account holder? If so, could you point me to some documentation? ThanksBill

exposing FIM to the internet is not supported, not even with UAG The FIM Password Reset Blog http://blogs.technet.com/aho/

Doesn't the "External Connector" imply that the people accessing it will be over the Internet? From MS: “ An External Connector License is required for each FIM server accessed by partners, suppliers, and other unaffiliated external users” Thanks, Mark Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

Terminology used is definitely confusing. I had interpreted the external connector as neccesary/economic where accounts belonging to external users which are being managed by FIM service/CLM, irrespective of whether those users actually access the FIM Portal. So they may access a reporting system via the internet, using an AD account provisioned by FIM. As the account is provisioned by FIM and present in the portal my understanding is it requires either a CAL, or the external connector, even though the user never accesses the Portal directly.

You state that it is not "supported" but is it possible? Since the portal is Sharepoint based, it would not seem difficult to have an internet facing presence. Can you provide more information on why it is not supported?Bill

I guess the password reset functionallity is probably not meant to be internet facing as PC's need to be logged on to the domain. As for the user management stuff in the portal I can't see no reason why that wouldn't work. But why it's not supported I don't know.http://setspn.blogspot.com

not supported because it is not tested that said, there are known issues with that... some object picker, popup blocker, javascript, etc will have problem when IE is rendering the site in internet zone. also, FIM is designed as an intranet product. we've gone through a security review based on that. Exposing FIM to the internet might have other security implicationThe FIM Password Reset Blog http://blogs.technet.com/aho/

I have a variation on this question - what if TMG is placed in front of it and the user must first authenticate with TMG. Could FIM be used to delegate administration of extranet users to authenticated extranet users? The FIM portal would be served up by TMG. Thanks, BillBill

I have a variation on this question - what if TMG is placed in front of it and the user must first authenticate with TMG. Could FIM be used to delegate administration of extranet users to authenticated extranet users? The FIM portal would be served up by TMG. Thanks, BillBill

FIM team hasn't tested this explicitly. We know FIM should work with windows auth. For an explicit support statement, please contact PSSThe FIM Password Reset Blog http://blogs.technet.com/aho/