Many organizations that have invested in Microsoft Identity Manager (MIM) are now considering more cloud-focused alternatives.
SoftwareIDM’s Identity Panel Suite, including HyperSync Panel, can add functionality to MIM, support migration away from MIM, or maybe replace MIM altogether.
In this webinar recording, I examined SoftwareIDM’s Identity Panel Suite, and its cloud-based, Microsoft-friendly applications that can augment MIM now and eventually, perhaps, replace it altogether. I explored:
- How HyperSync Panel can meet all synchronization requirements, supporting legacy on-premises as well as modern cloud systems
- The additional workloads that can be readily migrated to the Identity Panel Suite – for example, group management and group self-service, user management and user self-service, unique attribute value generation, reporting and email notifications
- Other ways in which Identity Panel Suite can support and enhance Azure AD, and facilitate the journey to the cloud
This webinar is for: IT professionals from large organizations where MIM is still an important part of the infrastructure, and who are concerned about the future of MIM.
View the recording of the webinar here.
Question: With our current rule extension in MIM sync, we have a dynamic API call to an external system. Can HyperSync incorporate this capability if it does not translate into one of the existing declarative functions?
Answer: A HyperSync Panel workflow can invoke a PowerShell script (which is maintained via the version controlled HyperSync configuration), and any change to a piece of identity data can invoke a workflow. So the answer is yes, but using PowerShell rather than a compiled language. That said, most scenarios requiring dynamic API calls in MIM (e.g. logging, or account uniqueness verification), are supported out of the box in HyperSync Panel.
Question: Identity Panel Suite looks great. What environment does this all run? Is it a local on prem server/service or is it a cloud based solution?
Answer: Identity Panel is available as an on-premises or cloud service (with authentication through AD or Azure AD). Identity Panel was written from the start as a multi-tenant SaaS application, which enhances the security and architecture options even for on-premises deployments. Both the SaaS and on-premises versions have the same features and are built from the same codebase. This also makes it possible for on-premises customers to migrate to cloud and vice-versa.
Question: Are there materials available which give an overview of all these functionalities for the suite? Very interested, but will need to research to see whether this ticks boxes for us going forward.
Answer: The Identity Panel Suite has a wide breadth of functionality. SoftwareIDM designed the product to cover the complex requirements of large organizations. General details may found at https://softwareidm.com. Product descriptions may be found at https://product.softwareidm.com. Anyone interested in attending training may do so by emailing me firstname.lastname@example.org and will receive a free course manual via pdf. Plus, you can register for free training here.
Question: With the function language used for expressions, is this bespoke or something more widely known/available?
Answer: The rule expression language is syntactically a superset of the MIM Portal custom expression language, which itself is based on VBScript. Instead of the 20-odd functions supported by the MIM Portal, the Identity Panel rule engine has over 200 built-in functions, and allows extension with custom functions.
Question: In terms of reporting, quality checking and auditing across connected systems is important. are there reports/auditing for finding orphaned accounts in AAD but not in the hyperverse/HR, for example.
Answer: Yes. Identity Panel is designed to do exactly this sort of thing. Public courses are available on performing data clean-up, audit, and quality analysis with Identity Panel. Regardless of whether you’re running MIM, HyperSync Panel, Azure AD, or a third party IAM product, Identity Panel is designed to provide reporting and testing of data quality. Identity Panel comes with a library of prebuilt reports which you can customize, duplicate, and extend.
Question: Can I connect to other systems via API (SOAP, REST)?
Answer: Yes. Identity Panel makes it easy to connect to custom SOAP and ReST APIs via PowerShell providers. However, Identity Panel also has prebuilt connectors for numerous SOAP and ReST API based systems.
Question: Is there any API to access Identity Panel similar to Lithnet?
Answer: Yes. The Identity Panel Suite includes ReST APIs for a wide variety of management tasks. However, most Lithnet scripts exist to solve MIM shortcomings that have built-in HyperSync Panel solutions.
Question: Would users be able to do self-service of certain attributes?
Answer: Yes. The Identity Pane Suite includes Service Panel, which provides a complete identity portal with granular security controls, and comprehensive self-service, management, and service-desk capabilities. Service Panel is an identity CMS that lets you customize your own company’s branding, layout, and experience.
Question: Is there a separate portal for Service Panel?
Answer: Yes. Service Panel, an app within the Identity Panel Suite, is the primary self-service and account management portal. Note that Access Panel, also an app in the Identity Panel Suite with its own portal, provides advanced access management and governance capabilities for those who need it
Question: How can group management be done by end-users?
Answer: Request-based group management can be performed in Service Panel. For more advanced access management and governance scenarios, you would configure Access Panel.
Question: Does OCG use this product internally already? If yes, is it tied up with MIM?
Answer: Oxford Computer Group (OCG) has moved away from MIM to a totally Azure AD oriented IDM implementation, because the Identity Panel Suite suits larger organizations than OCG. Of course, we have considerable experience of the software within the OCG family of companies. Note that there are very large organizations that have deployed Identity Panel.
Question: Is there an extensible framework to extend certain flows via code extensions?
Answer: Yes. Identity Panel allows extension via custom functions implemented in the declarative rule engine. Identity Panel also has a variety of extension points that allow secure execution of custom PowerShell scripts.
Question: Any delegation model for user management?
Answer: Yes. The Suite allows fine-grained and custom configured roles, with an audience-based security model that allows control on both role and attribute dimensions. Service Panel makes it easier than the MIM Portal to configure horizontal security scopes based on relative geo-location, business unit, etc.
Question: Is there SCIM support for other cloud services?
Answer: Yes. SCIM is a new feature which will be publicly available June 1, 2022.
Question: How is managerial or location hierarchy managed? Is there a way to collapse it into a single attribute/report?
Answer: Yes. Identity Panel can do a whole variety of org hierarchy reports.
Question: Does it support cloud HR platforms?
Answer: Yes. Identity Panel supports Workday natively, which is available as a Provider. Other cloud-based HR systems require integration through a data feed or PowerShell Provider. Additionally, SoftwareIDM can supply you a Provider, upon request, to common HR systems.
Question: Does it have workflows that can execute PowerShell (like MIMWAL)?
Answer: Yes. Although not exactly like MIMWAL, Identity Panel has comprehensive workflow capabilities, which can be triggered in many ways, including time-based and attribute deltas – and it execute PowerShell. However, note that some MIMWAL solutions address gaps in the MIM Portal that the Identity Panel Suite addresses with built-in functionality.
If you want to know more, please email me.