After MIM… HyperSync Panel?
Many organizations that have invested in Microsoft Identity Manager (MIM) are now considering more cloud-focused alternatives.
SoftwareIDM’s Identity Panel Suite, including HyperSync Panel, can add functionality to MIM, support migration away from MIM, or maybe replace MIM altogether.
In this webinar recording, I examined SoftwareIDM’s Identity Panel Suite, and its cloud-based, Microsoft-friendly applications that can augment MIM now and eventually, perhaps, replace it altogether. I explored:
- How HyperSync Panel can meet all synchronization requirements, supporting legacy on-premises as well as modern cloud systems
- The additional workloads that can be readily migrated to the Identity Panel Suite – for example, group management and group self-service, user management, and user self-service, unique attribute value generation, reporting, and email notifications
- Other ways in which Identity Panel Suite can support and enhance Microsoft Entra ID, and facilitate the journey to the cloud
This webinar is for: IT professionals from large organizations where MIM is still an important part of the infrastructure, and who are concerned about the future of MIM.
View the recording of the webinar here.
Note the webinar was recorded before Microsoft rebranded Azure AD to Microsoft Entra ID.
Questions asked during the webinar – with answers!
Lots of great questions were asked during the webinar. Here they are with considered answers.
Question: With our current rule extension in MIM sync, we have a dynamic API call to an external system. Can HyperSync incorporate this capability if it does not translate into one of the existing declarative functions?
Answer: A HyperSync Panel workflow can invoke a PowerShell script (which is maintained via the version-controlled HyperSync configuration), and any change to a piece of identity data can invoke a workflow. So the answer is yes, but using PowerShell rather than a compiled language. That said, most scenarios requiring dynamic API calls in MIM (e.g. logging, or account uniqueness verification), are supported out of the box in HyperSync Panel.
Question: Identity Panel Suite looks great. What environment does this all run? Is it a local on-prem server/service or is it a cloud-based solution?
Answer: Identity Panel is available as an on-premises or cloud service (with authentication through AD or Microsoft Entra ID). Identity Panel was written from the start as a multi-tenant SaaS application, which enhances the security and architecture options even for on-premises deployments. Both the SaaS and on-premises versions have the same features and are built from the same codebase. This also makes it possible for on-premises customers to migrate to the cloud and vice-versa.
Question: Are there materials available that give an overview of all these functionalities for the suite? Very interested, but will need to research to see whether this ticks boxes for us going forward.
Answer: The Identity Panel Suite has a wide breadth of functionality. SoftwareIDM designed the product to cover the complex requirements of large organizations. General details may be found at https://softwareidm.com. Product descriptions may be found at https://product.softwareidm.com. Anyone interested in attending training may do so by emailing me at hsw@oxfordcomputertraining.com and will receive a free course manual via pdf. Plus, you can register for free training here.
Question: With the function language used for expressions, is this bespoke or something more widely known/available?
Answer: The rule expression language is syntactically a superset of the MIM Portal custom expression language, which itself is based on VBScript. Instead of the 20-odd functions supported by the MIM Portal, the Identity Panel rule engine has over 200 built-in functions, and allows extension with custom functions.
Question: In terms of reporting, quality checking and auditing across connected systems is important. Are there reports/auditing for finding orphaned accounts in Microsoft Entra ID but not in the hyperverse/HR, for example?
Answer: Yes. Identity Panel is designed to do exactly this sort of thing. Public courses are available on performing data clean-up, audit, and quality analysis with Identity Panel. Regardless of whether you’re running MIM, HyperSync Panel, Microsoft Entra ID, or a third-party IAM product, Identity Panel is designed to provide reporting and testing of data quality. Identity Panel comes with a library of prebuilt reports which you can customize, duplicate, and extend.
Question: Can I connect to other systems via API (SOAP, REST)?
Answer: Yes. Identity Panel makes it easy to connect to custom SOAP and ReST APIs via PowerShell providers. However, Identity Panel also has prebuilt connectors for numerous SOAP and ReST API-based systems.
Question: Is there any API to access Identity Panel similar to Lithnet?
Answer: Yes. The Identity Panel Suite includes ReST APIs for a wide variety of management tasks. However, most Lithnet scripts exist to solve MIM shortcomings that have built-in HyperSync Panel solutions.
Question: Would users be able to do self-service for certain attributes?
Answer: Yes. The Identity Pane Suite includes Service Panel, which provides a complete identity portal with granular security controls, and comprehensive self-service, management, and service-desk capabilities. Service Panel is an identity CMS that lets you customize your own company’s branding, layout, and experience.
Question: Is there a separate portal for Service Panel?
Answer: Yes. Service Panel, an app within the Identity Panel Suite, is the primary self-service and account management portal. Note that Access Panel, also an app in the Identity Panel Suite with its own portal, provides advanced access management and governance capabilities for those who need it
Question: How can group management be done by end-users?
Answer: Request-based group management can be performed in Service Panel. For more advanced access management and governance scenarios, you would configure Access Panel.
Question: Does Oxford Computer Group use this product internally already? If yes, is it tied up with MIM?
Answer: Oxford Computer Group has moved away from MIM to a totally Microsoft Entra ID-oriented IDM implementation because the Identity Panel Suite suits larger organizations than OCG. Of course, we have considerable experience with the software within the Oxford Computer Group family of companies. Note that there are very large organizations that have deployed Identity Panel.
Question: Is there an extensible framework to extend certain flows via code extensions?
Answer: Yes. Identity Panel allows extension via custom functions implemented in the declarative rule engine. Identity Panel also has a variety of extension points that allow secure execution of custom PowerShell scripts.
Question: Any delegation model for user management?
Answer: Yes. The Suite allows fine-grained and custom-configured roles, with an audience-based security model that allows control on both role and attribute dimensions. Service Panel makes it easier than the MIM Portal to configure horizontal security scopes based on relative geo-location, business unit, etc.
Question: Is there SCIM support for other cloud services?
Answer: Yes. SCIM is a new feature that will be publicly available on June 1, 2022.
Question: How is managerial or location hierarchy managed? Is there a way to collapse it into a single attribute/report?
Answer: Yes. Identity Panel can do a whole variety of org hierarchy reports.
Question: Does it support cloud HR platforms?
Answer: Yes. Identity Panel supports Workday natively, which is available as a Provider. Other cloud-based HR systems require integration through a data feed or PowerShell Provider. Additionally, SoftwareIDM can supply you with a Provider, upon request, to common HR systems.
Question: Does it have workflows that can execute PowerShell (like MIMWAL)?
Answer: Yes. Although not exactly like MIMWAL, Identity Panel has comprehensive workflow capabilities, which can be triggered in many ways, including time-based and attribute deltas – and it executes PowerShell. However, note that some MIMWAL solutions address gaps in the MIM Portal that the Identity Panel Suite addresses with built-in functionality.
If you want to know more, please email me.