The group management features we have in MIM give us the capability to work with both static and dynamically defined groups. Another great capability is that we make the owner responsible for the management of these groups, but can still define the business rules, such as approvals and expirations. We looked at the various types and scopes of groups, as well as the management policy rules that we need to enable to get the solution configured for The Financial Company.

We looked at a typical scenario of bringing AD groups into the portal first, then flipping the precedence rules so that the portal is authoritative for group management. The last thing we looked at was about security and distribution groups creating sync rules, versus the ...