FIM 2010 did a good job at driving down typical help-desk costs. One of the best examples of this during my tests with the product was in self-service password reset. As is typical of most password reset systems, the user must enroll by answering a series of security questions. These questions are the usual assortment of "what was your first pet's name?" type of questions. I answered three questions to enroll my test users. When users attempted to log into the Windows domain with an incorrect password, a "reset password" link appeared on the screen. It is worth mentioning that the FIM Password Reset component must be installed on the end-user system for this functionality to be enabled. As expected, when the previously enrolled answers were provided to the security challenge questions, the users were then able to reset the password and gain access to their authorized applications.
Single sign-on tools are also widely used to manage password access to company resources. These systems can usually be integrated with the identity management capabilities of FIM 2010 to augment the authentication and authorization services that FIM provides.
Although FIM 2010 is an ambitious identity management platform, IT managers should consider the ecosystem of non-Microsoft management tools that can be integrated with the product. For example, FIM 2010 now provides an STS (Secure Token Service). Vordel, among others, has been providing STS systems for some time, and such systems are likely already in use in most large organizations.