Google Apps XMA
FIM Knowledge Bit
I've uploaded an XMA for provisioning to Google Apps Premium / Education Edition.
You can provision / deprovision users to Google Apps through Google Apps Provisioning APIs.
http://sourceforge.net/projects/fim2010mas/files/
Comments are welcome :)
September 30th, 2010 8:03pm
Hi Naohiro!
I stumbled upon your post on Google forums as well as here. I was wondering if you could provide a simple strategy for properly managing a Google Apps Premier (non-profit) environment along with an Active Directory environment.
Scenario:
We started on Google Apps but have a need to eventually integrate with Microsoft systems via AD. Google's Directory sync tool is only one-way from AD -> GAPPS. We ideally want a two-way solution. I have read about ADFS 2.0 and FIM 2010 as potential options. We also have an unlimited user-license from Atlassian for their SSO solution called Crowd. We want to seamlessly "sync" our GAPPs environment into AD at least once, and then from there onwards, we can manage identity from the new system.
We need to be able to do the following:
1. maintain and manage Google Group memberships (preferably for both domain and non-domain users)
2. provision and de-provision users within GAPPS and AD environment
3. Sync and manage OUs in AD and GAPPS
Technologies we are considering:
1. Atlassian Crowd
2. ADFS 2.0
3. FIM
4. Novell Identity Manager w/ Google Apps connector
Any thoughts on pros and cons or how to proceed? Cost is not an issue at the moment as we can procure non-profit licenses.
-Viral
June 24th, 2011 5:41pm
Hi, Thank you for your comment and providing your scenarios!
To be honest, there's no clear strategy for updating this agent, so far. But I can provide some functions for your scenarios if you want.
For example:
1. Sync users and email-lists from Google Apps to Active Directory (Reverse sync)
-> You can choose which attributes are preferred when synced.
2. Provision/De-Provision users from Google Apps to Active Directory (Reverse provision)
-> You can manage users from Google Apps Web Dashboard.
Next, you should consider the syncing solution and the SSO solution separately. These solutions are quite different. You should consider FIM/Novell IdM as sync/provisioning solutions, and Crowd and AD FS2.0 as SSO solutions. The reason is you must have the same user entries between the two systems if you want to sign on seamlessly. We often set a random password in Google Apps when provisioning and set the SSO option to authenticate with other solutions such as AD FS2.0.
-Naohiro
Naohiro Fujie MVP for Identity Lifecycle Manager ( Jan 2010 - Dec 2011 )
June 26th, 2011 8:10pm
Hi Naohiro,
While using the given XMA for provisioning/deprovisioning, we encountered the below-mentioned error:
The management agent “GOOGLE MA” failed on run profile “Export” because a configured
extension for this management agent does not contain a class implementing the required
interface.
It seems an interface implementation is missing. Can you help us sort out the issue?
Regards,
Kishore Kumar
September 6th, 2011 3:45am
Hi Naohiro,
We successfully provisioned a user to Google Apps.
Thanks,
Deepak
January 26th, 2012 11:22am
Just released Google Apps MA on ECMA2.0 framework.
http://fim2010gapps.codeplex.com/
Naohiro Fujie MVP for Forefront Identity Manager ( Jan 2010 - Dec 2012 )
August 17th, 2012 10:29pm