After MIM, Identity Panel?

Reports of the death of MIM may well have been exaggerated, but this workhorse has been around for nearly 20 years, and it will eventually have to be replaced. So with that in mind, what’s next? In this blog I take a look at one possibility to replace MIM: Identity Panel Suite.

The MIM Lifecycle

Microsoft Identity Manager came to being as Microsoft Identity Integration Service in 2003. During its lifecycle, it has been the beating heart of identity management – at least in the Microsoft world. We can now see the end of that lifecycle approaching, and while there is no cause for panic, it makes sense to consider what comes next.

Most organizations are in the process of moving some or all of their IT assets to the cloud – if they have not already done so. Microsoft is gradually rolling out Microsoft Entra ID (formerly Azure AD) features, such that already many MIM workloads can be replaced (often in an improved manner).

Why not simply a “MIM in the cloud”? It might make for an easy migration, but it would probably not be an optimal solution in a cloud world. Put another way – the world has moved on, and it is possible to do better than MIM. Anyway, we can say with some certainty that there will never be a “MIM in the cloud”, and while an excellent platform for the cloud generation of identity management systems, Microsoft Entra ID (formerly Azure AD) may never fully replace all MIM functionality.

After MIM

MIM is excellent at orchestrating complex identity lifecycles, dealing with multiple sources of truth, synchronizing passwords to legacy systems (that cannot support modern authentication), and generally managing on-premises users and groups. Some platforms can replace MIM. Some of these are competitive with the Microsoft platform or simply do not fit comfortably into the Microsoft identity stack, some are more oriented towards governance or address a vertical market. A few stand out from the pack, SoftwareIDM’s Identity Panel Suite being one such case.

  • It has an intimate understanding of MIM (and Microsoft Entra Connect), having been originally written as a system to manage MIM, to display and report on MIM identity data, and to plug gaps in MIM’s capabilities
  • It is Microsoft-friendly, using AD or Microsoft Entra ID as its authentication mechanisms, and seeks to plug gaps in the Microsoft feature set rather than replace the Microsoft identity stack (though there are overlaps)
  • It is almost* a total feature-for-feature replacement for MIM – though it, too, is not “MIM in the cloud” (the authors have also concluded that they can improve on MIM)
  • It is available either as an on-premises or as a true SaaS app
  • It can happily co-exist with, and enhance, MIM – or it can take over some or all of the MIM workloads

* There are a (very) few workloads that the Identity Panel Suite does not attempt to reproduce – always for good reason. For example, a self-service password reset is better done by Microsoft Entra ID.

For these reasons, Oxford Computer Training, which has been in a large part dedicated to MIM throughout its lifecycle, is taking a considerable interest in the Identity Panel Suite. We have put on several webinars, and written blogs, and we are now writing training courses it. In this article, we introduce Identity Panel Suite and direct you to further information.

Identity Panel Suite

The Identity Panel Suite consists of four applications, sitting on the Identity Panel Framework

Identity Panel itself provides the common services required by the four applications: connectivity, scheduling, visualization, workflows, reporting, health checks, diagnostics, and much more. It can take a great deal of pain out of compliance and audit with SoftwareIDM’s Identity Panel, allowing you to readily answer such questions as:

  • What roles did John Smith have in the ERM system on July 22nd?
  • Who was a member of the HR administrators’ group at 10 am on August 14th?
  • What are Jane Doe’s Office 365 memberships, who authorized them, and when?
  • Which accounts are not being used?
  • What accounts exist in one system, with no equivalent in another?
  • And so on…

It can also let you know if someone changes the production configuration of Microsoft Identity Manager (MIM), Microsoft Entra Connect, or Identity Panel Suite itself.

The Applications

Software IDM free trainingLooking now at the four applications:

  • HyperSync Panel can be thought of as equivalent to the MIM Synchronization Service
  • Service Panel can be thought of as equivalent to the MIM Portal
  • Access Panel can be thought of as equivalent to BHOLD
  • Test Panel does not have an equivalent in MIM, though it is perhaps something that should have been – an application for rigorous testing of a MIM implementation (or any system for synchronizing your identities).

While we can make these rough equivalences with MIM, they also stand alone, offering many features and capabilities that MIM does not have.

HyperSync Panel

HyperSync Panel, in particular, is generating a lot of interest. Probably this is because:

  • Every MIM implementation utilizes the synchronization service whether or not it uses other features (like BHOLD or the Portal), and
  • Microsoft has not (yet) clearly indicated that there will be something to replace it.

For a proper understanding of HyperSync Panel, watch this webinar recording which describes and demonstrates the capabilities of HyperSync Panel, rapidly and succinctly.

Questions asked during this webinar included:

  • With our current rule extension in MIM sync, we have a dynamic API call to an external system. Can HyperSync incorporate this capability if it does not translate into one of the existing declarative functions?
  • In what environment does Identity Panel Suite run? Is it a local on-prem server/service or is it a cloud-based solution?
  • Are there materials available that give an overview of all these functionalities for the suite?
  • Are there reports/auditing for finding orphaned accounts in AAD but not in the hyperverse/HR, for example?
  • Can I connect to other systems via API (SOAP, REST)?
  • Is there SCIM support for other cloud services?
  • Does it have workflows that can execute PowerShell (like MIMWAL)?

See the answers to these questions – and more! – here.

Other Applications

Look at the other webinars we have recorded on Service Panel, Access Panel, and Test Panel.

Summary

Taken as a whole, SoftwareIDM’s Identity Panel Suite offers a range of powerful tools to enable you to manage, monitor, and report on your cloud and on-premises identities with ease.