Features

FirM Features

FirM is a comprehensive Federated Identity and Resource manager for Lotus Domino.

FirM allows you to create profile information on all user and group operations and allow delegation to non-technical users, in a completely automated, secure and audited manner, thus reducing administrator burden and increasing service level

At v2.2 release, it performs the following operations:

User Management

• User Create. Full Lotus domino user creation with
  • Load balancing - given a selection of Lotus Domino serves, FirM will choose the one with least users.
  • Cluster mailfile creation on one or more server cluster mates.
  • ID+Password secure storage & distribution to mandatory or optional recipients.
  • Adding the new user to specified groups.
  • Setting specified person document fields.
  • (optionally) Enable ND6 style Roaming User.
  • (optionally) Create Password Digest.
  • (optionally) Create an AD account for the user.
  • (optionally) Create a BlackBerry account for the user.
  • (optionally) Send a customised Welcome Message to the user.
• User Cross-Certify. Cross certify a user in hierarchy.
• User Delete. A fully featured user deletion process
  • Immediate revocation of user's rights to access the Domino environment
  • Full backup of person document and group membership details
  • (optionally) Archive of mailfile to an archive server
  • (optionally) Set a "designated data owner" - allow another user to view the mailfile for a limited period of time
• User Disable. The addition of a user to a terminations group, preventing user access to your Lotus Domino environment.
• User Enable. The removal of a user from a terminations group, allowing user access to your Lotus Domino environment
• User Grant Mailfile Access. Grant temporary mailfile access to a users mailfile to another person.
• User Http Password Reset. Allow a non-administrator to set a new internet password for a user
• User MailFile Quota. Set the users Mail File Quota.
• User Modify. Allow modification of specific fields on a users' person document for directory maintenance.
• User Move in Hierarchy. Recertify a user to a new Lotus Notes certificate hierarcy, with no administrator intervention whatsoever.
• User Move Server. Move a user (and their mailfiles) to a new Lotus Domino server automatically.
• User Move Location. Move a user within your environment
  • User and mailfile(s) moved to new Domino server
  • Remove user from old location and country specific groups and add to new location's groups
  • (Optionally) Recertify the user
• User Password Digest Enable. Enable user password periodic changes for a user
• User Password Digest Disable. Disable user password periodic changes for a user
• User Password Digest Reset. Allow access to a user if they have exceeded their password change time period.
• User Rename Common Name. Rename a users' common name.
• User Recertify. Recertify a user with his existing certificate to extend access to your Lotus Domino environment.
• User Resend User ID and Password. Allow the sending of the latest user ID and password from the secure repositories.
• User Roaming Enable. Set the user to a "Roaming" style ND6 user. .
• User Roaming Disable. Stop the user being a "Roaming" style ND6 user. .

Group Management

• Group Create. Create a new Lotus Domino group according to standard profiles
  • Enforce naming conventions
  • All technical details such as type, foreign directory synchronisation, etc hidden from the requestor
  • Group content is restricted to permitted types of membership within the group's profile
  • Group ownership and devolved management permission lists are specified on a per-group basis
• Group Modify. Modify a group's attributes
  • Rename the group according to the profile-enforced naming convention
  • Change the group description
  • Change the group's owner
  • Manage the group's management permission lists
• Group Manage Members. Add and remove users from groups
  • End users can be given permission to manage only a group's membership, with no rights to change it's name, type, etc.
  • Restrictions on the types of members that can be added to a group are enforced according to the group's profile. For instance, prevent SMTP addresses from being added to ACL groups.
• Group Delete. Remove a group from the Lotus Domino Directory
  • Domino Administration Process leveraged to remove the group's name from the Domino environment
  • Backup copy of the group (and all subgroups) is retained so that it can be restored to the Domino Directory if necessary
• Group Undelete. Groups that have been deleted using FirM can be restored to the Domino Directory by a FirM administrator.

Application Management

• Mail in Database Create. Create a new application and all relevant replcas from a list of allowed templates. Populate the applications ACL's and grant modification access to the application owner. Set the application quota and warning thresholds. Create a directory mail-in database entry in the Domino directory.
• Mail in Database Delete. Remove a mail in database and all replicas, the groups associated with this mail-in database, and the directory mail-in document itself.
• Mail in Database Manage. Modify a mail in database.
• Application Monitoring. Scanning all applications and providing user usage and ACL change log information across all databases in your environment.

Active Directory Management

• AD Group Create. Create an Active Directory group
• AD Group Manage Members. Add or remove users from Active Directory groups
• AD User Create. Create a new user in Active Directory, checking for uniqueness, in a specified container. Create the users home drive and assign sharing rights. Update any Active Directory attribute associated with this person, and optionally add him to AD groups.
• AD User Disable. Prevent a user logging into Active Directory
• AD User Enable. Allow a user to log into Active Directory
• AD User Modify. Change an attribute on the users' Active Directory record
• AD User Password Reset. Set a users Active Directory password.

BlackBerry Management

• BlackBerry Provision. Associate a user with a BlackBerry handset
• BlackBerry Delete. Delete an association between a user and a handset.
• BlackBerry Disable. Temporarily disable a users BlackBerry handset.
• BlackBerry Enable. Enable a users BlackBerry handset (after a Disable operation).
• BlackBerry Change Password. Change a users BlackBerry handset password.

Automated Tasks

• ID Update. FirM offers two alternative features to ensure that the encrypted user ID and password repositories are always kept up-to-date following changes:
  • ID Backup - the environment is monitored for ID changes and users are sent emails requesting the backup of their latest ID file and password; and
  • ID Escrow - Domino's password recovery mechanism is leveraged, ensuring that all changed IDs are captured automatically (these IDs require password recovery before they can be utilised).
• AdminP Pusharound. FirM supports multi-domain environments, and allows the adminstrator to specify which AdminP transactions should be copied between the various domain admin4.nsf databases.
• Automatic User Recertification. Users can be automatically recertified should they match an administrator-defined profile
• Group Expiration. You can specify when a Group should be expired from the system. A pre-set number of days beforehand, an automated message will be sent to the group's owner asking them to confirm or reject deletion of this user. Should the manager do nothing or confirm deletion, the Group is deleted on that specified date.
• User Expiration. You can specify when a User should be expired from the system. A pre-set number of days beforehand, an automated message will be sent to the person's manager asking them to confirm or reject deletion of this user. Should the manager do nothing or confirm deletion, the user is deleted on that specified date.
• User MailFile Quota. Change central Mail File Quota "bands" in order to change all users Mail File Quota and Threshold limits.