Suppose your FIM Service account can access the Portal, but other accounts cannot. There are a host of reasons why this may happen. Let's say you have checked the MPRs that allow access for users, and they are all enabled. The next question is: do the users have access to the SharePoint site?
This screen in the MIM setup
With that option, the NT AUTHORITY\Authenticated Users group is given read rights to the FIM Portal site. If this option is not selected, or if FIM/MIM setup does not complete for some reason, then the read rights are not given to the NT AUTHORITY\Authenticated Users group.
So thanks to a very good blog article by Karchworld, I was able to resolve it.
Open a SharePoint PowerShell session:
$myMIM = Get-SPWeb -Identity http://tlkimim01/IdentityManagement
If you don't see NT AUTHORITY\Authenticated Users, then you have an issue. Let's add that group:
# Set a reference to the authenticated users
$account = $myMIM.EnsureUser("NT AUTHORITY\authenticated users")
# Set a reference to the Read (only) role definition
$role = $myMIM.RoleDefinitions["Read"]
# Instantiate a new role assignment object for the authenticated users
$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
# Bind the role to the new role definition
$assignment.RoleDefinitionBindings.Add($role)
# Add the role assignment to the web site.
$myMIM.RoleAssignments.Add($assignment)
# Release the reference to the web site for garbage disposal
$myMIM.Dispose()
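
The check and the fix above can be combined into one script that is safe to re-run. This is an added example, not code from the original post or from the article it credits. It lists the site's current role assignments, grants Read only if it is missing, and always disposes the SPWeb. The variable names are illustrative, and the URL is the one used above; substitute your own portal URL.

```powershell
# Added example (not from the original post). Run in a SharePoint
# Management Shell on the server that hosts the FIM/MIM Portal.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = 'http://tlkimim01/IdentityManagement'   # portal URL from the post
$principal = 'NT AUTHORITY\authenticated users'
$roleName  = 'Read'

$web = Get-SPWeb -Identity $siteUrl -ErrorAction Stop
try {
    # Show who currently holds which permission level on the site
    foreach ($ra in $web.RoleAssignments) {
        $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        Write-Output ("{0} -> {1}" -f $ra.Member.Name, $levels)
    }

    # Resolve the principal, then look for an existing assignment for it
    $account  = $web.EnsureUser($principal)
    $existing = $web.RoleAssignments | Where-Object { $_.Member.ID -eq $account.ID }
    $hasRead  = $false
    if ($existing) {
        $hasRead = @($existing.RoleDefinitionBindings |
                     Where-Object { $_.Name -eq $roleName }).Count -gt 0
    }

    if ($hasRead) {
        Write-Output "$principal already has $roleName; nothing to change."
    }
    else {
        $role = $web.RoleDefinitions[$roleName]
        if (-not $role) { throw "Role definition '$roleName' not found on $siteUrl" }
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
        $assignment.RoleDefinitionBindings.Add($role)
        $web.RoleAssignments.Add($assignment)
        Write-Output "Granted $roleName to $principal on $siteUrl"
    }
}
finally {
    # Always release the SPWeb, even if one of the calls above throws
    $web.Dispose()
}
```

Because the script grants only the Read permission level and skips the change when it is already present, it can also be used as a post-install check after FIM/MIM setup.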