How to Enable Users to Access the MIM Portal

Ok, so you've imported all the users into the portal, but no other account can access it other than the FIM Administrator used to install the application.

You've done the usual to verify that everything is as it is supposed to be:

  1. You verified that the user accounts in the portal have the following attributes populated and are valid:
    • Display Name
    • Account Name
    • Domain
    • Object SID
  2. You verified that the following MPRs are enabled
    • General: Users can read non-administrative configuration resources
    • User management: Users can read attributes of their own

But still no luck? Try this. You might have forgotten to check that stupid little checkbox while installing the MIM Portal and Service entitled "Grant authenticated users access to the MIM Portal site".

Under the hood, all that checkbox is doing is ensuring that NT Authority\authenticated users is granted Read permissions to your MIM Portal.

How can you check to see if this is the case? Open up PowerShell and run the following:


# Load the SharePoint PowerShell Snap-IN
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Set a reference to the MIM portal website
$MIM = Get-SPWeb -Identity https://[MIM_PORTAL_NAME]/IdentityManagement

# Display the list of users
$MIM.Users

If you don't see NT AUTHORITY\authenticated users in the list that returns, you know that is the issue. Authenticated users have not been given Read permission to the MIM Portal, which is of course a requirement for them to log into it.


Here is how to fix it:

# Load the SharePoint PowerShell Snap-IN
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Set a reference to the MIM portal website
$MIM = Get-SPWeb -Identity https://[MIM_PORTAL_NAME]/IdentityManagement

# Set a reference to the authenticated users
$account = $MIM.EnsureUser("NT AUTHORITY\authenticated users")

# Set a reference to the Read (only) role definition
$role = $MIM.RoleDefinitions["Read"]

# Instantiate a new role assignment object for the authenticated users
$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
 
# Bind the role to the new role definition
$assignment.RoleDefinitionBindings.Add($role)

# Add the role assignment to the web site.
$MIM.RoleAssignments.Add($assignment)

# Release the reference to the web site for garbage disposal
$MIM.Dispose()
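As an added example (not part of the original post), here is an idempotent version of the check and fix in one script. It inspects the site's role assignments instead of its user list, so it also catches the case where authenticated users are already on the site but without the Read role, and it verifies the result afterwards. The portal URL is a placeholder you must replace.

```powershell
# Added example: check whether NT AUTHORITY\authenticated users hold the Read
# role on the MIM Portal site and grant it only if it is missing.
# Replace the placeholder URL with your own MIM Portal address.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$portalUrl = "https://[MIM_PORTAL_NAME]/IdentityManagement"
$principal = "NT AUTHORITY\authenticated users"
$roleName  = "Read"

$MIM = Get-SPWeb -Identity $portalUrl
try {
    if (-not $MIM.HasUniqueRoleAssignments) {
        # Permissions are inherited from the parent web; assignments live there.
        Write-Warning "$portalUrl inherits permissions; grant $roleName on the parent web instead."
        return
    }

    # Resolve the principal once; comparing by ID avoids claims-encoded login name differences.
    $account = $MIM.EnsureUser($principal)
    $role    = $MIM.RoleDefinitions[$roleName]

    $existing = $MIM.RoleAssignments | Where-Object { $_.Member.ID -eq $account.ID }

    if ($existing -and ($existing.RoleDefinitionBindings | Where-Object { $_.Name -eq $roleName })) {
        Write-Host "$principal already holds $roleName on $portalUrl; nothing to do."
    }
    elseif ($existing) {
        # An assignment exists (some other role) but lacks Read: add the binding in place.
        $existing.RoleDefinitionBindings.Add($role)
        $existing.Update()
        Write-Host "Added $roleName to the existing assignment for $principal."
    }
    else {
        # No assignment at all: create one, exactly as the fix above does.
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
        $assignment.RoleDefinitionBindings.Add($role)
        $MIM.RoleAssignments.Add($assignment)
        Write-Host "Granted $roleName to $principal on $portalUrl."
    }

    # Verify: list every principal on the site that now holds the Read role.
    $MIM.RoleAssignments |
        Where-Object { $_.RoleDefinitionBindings | Where-Object { $_.Name -eq $roleName } } |
        ForEach-Object { $_.Member.LoginName }
}
finally {
    # Always release the SPWeb reference, even if something above threw.
    $MIM.Dispose()
}
```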


Hope that helps!