Not yet available on MSDN or Technet but for evaluation here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=22731a2a-5b0f-4c6b-846a-e53588117981

I’m currently working with Markus Vilcinskas on a couple of FIM Experts articles on how to detect non-authoritative accounts. Today we published the first two parts were the second part also contains an in depth description on how object state detection works. Enjoy!

Detecting Non-Authoritative Accounts – Part 1: Envisioning

Detecting Non-Authoritative Accounts – Part 2: Design

The news:

• IDP initiated communication
• Single logout
• Artifact resolution protocol
• And a lot more…

See the announcement here:
http://channel9.msdn.com/shows/Identity/ADFS-20-RC-is-Here/

I turns out there’s a lot of things that needs to be in place before this is made possible…

Usage Keyword

Usage keywords are required for letting non-admin users see portal design elements like navigation bar and home page resources but also for letting them being able to use search scopes. The keyword for letting non-admin users take part of these objects is BasicUI…

1. Under Administration and Home Page Resources select the “Manage my SG’s” and add the keyword BasicUI as usage keyword.

2. Go back to Administration and select Navigation Bar Resources. Select the “My SG’s” navigation bar resource and add the BasicUI keyword to this one as well.

3. Go back to Administration again and select Search Scopes. Add BasicUI as Usage keyword to the “My Security Groups” Search Scope

MPR’s

There is two MPR’s that allows for group owners to manage their groups. Both of these are disabled by default.

4. Go back to Administration and in to Management Policy Rules. Open and enable these two MPR’s:

• Security group management: Owners can read selected attributes of group resources
• Security group management: Owners can update and delete groups they own

5. Done!

Conclusion

The usage keyword stuff is poorly documented but I hope this will be better…