Wednesday, February 22, 2017

User verification add-on for the FIM/MIM Portal

Today I'm releasing a new add-on for the FIM/MIM portal. The Lithnet User Verification Module allows IT staff to use the MIM portal to send an SMS code sent to a user's mobile phone. This is useful in scenarios where a user calls the service desk and needs to be verified before the service desk can take an action such as resetting a password or asking for a change to a group that they own.

If you have your users registered for SMS-based self-service password reset, then this module is ready for you to use today. It will use the same SmsServiceProvider.dll you created to enable SSPR, and will get the user's mobile number from the msIdmOtpMobilePhone attribute.

There are lots of configuration options available, so if you want to get the mobile number from a different attribute, you can certainly do that. You can also customize the attributes displayed by the tool, change the length of the security code, and even restrict access to the tool to a particular set of users

You access the tool by adding a new UocHyperLink control to your RCDC as shown below.

A new window will open with a customizable list of user attributes shown. Clicking the Send Code button will generate a unique code and send it to the user's phone

The code is shown to the service desk operator, and the user receives the code on their phone

It's a simple, but useful tool for authenticating users over the phone.

Visit the GitHub site to download the latest release and read the installation instructions

Thursday, February 2, 2017

Announcing v2 of the Lithnet FIM/MIM Service REST API

In 2015, I released the first version of the REST API for the FIM/MIM Service. I designed it to abstract away the complexities of the native SOAP endpoint, and open up the possibilities of integrating with FIM from operating systems and libraries outside of the Windows/.NET ecosystem.

It's been used by many awesome public and private projects since then. Check out Peter Stapf's guide on using it to create PowerApps.

Features have been added over time, usually by request, which means now, using simple JSON calls, you can perform the following tasks
  • Create resources
  • Modify resources
  • Delete resources
  • Get a resource
  • Get the current user's permissions on a resource
  • Search for resources
  • Full localization support
  • Getting approval requests
  • Approving or rejecting requests
However, I needed to make some changes to the API that would have broken compatibility with existing versions, so I decided to add another endpoint to this API, and release a new version.

Both versions of the API are contained in the one installation package, and can safely run side-by-side. Any existing applications will continue to work with the v1 API version.

Here are a list of fixes, enhancements, and new features of the v2 API.


  • Fixes an issue where all attribute values were returned as strings, rather than their native JSON data type
  • Fixes an issue where multivalued attributes containing only a single value were serialized as a string, instead of an array


  • Provides flexibility in how resources are returned from the API by allowing the caller to specify
    • If null values should be returned or not
    • If values for single-valued attributes should be returned as arrays
    • If the resource should be rendered as a fixed structure, that does not depend on knowing the resource schema in advance
  • Aligns the API to a set of REST API guidelines published by Microsoft

New Features

  • Adds support for getting permission hints for each attribute on a resource
  • Adds paged search support

Check out the updated documentation, and download the new version today