After MIM, Identity Panel?
Reports of the death of MIM may well have been exaggerated, but this workhorse has been around for nearly 20 years, and it will eventually have to be replaced. So with that in mind, what’s next? In this blog I take a look at one possibility to replace MIM: Identity Panel Suite.
The MIM Lifecycle
Microsoft Identity Manager came to being as Microsoft Identity Integration Service in 2003. During its lifecycle it has been the beating heart of identity management – at least in the Microsoft world. We can now see the end of that lifecycle approaching, and while there is no cause for panic, it makes sense to consider what comes next.
Most organizations are in the process of moving some or all of their IT assets to the cloud – if they have not already done so. Microsoft are gradually rolling out the Azure AD features, such that already many MIM workloads can be replaced (often in an improved manner).
Why not simply a “MIM in the cloud”? It might make for an easy migration, but it would probably not be an optimal solution in a cloud world. Put another way – the world has moved on, and it is possible to do better than MIM. Anyway, we can say with some certainty that there will never be a “MIM in the cloud”, and while an excellent platform for the cloud generation of identity management systems, Azure AD may never fully replace all MIM functionality.
After MIM
MIM is excellent at orchestrating complex identity lifecycles, dealing with multiple sources of truth, synchronizing passwords to legacy systems (that cannot support modern authentication), and generally manage on-premises users and groups. There are platforms that can replace MIM. Some of these are competitive with the Microsoft platform or simply do not fit comfortably into the Microsoft identity stack, some are more oriented towards governance, or address a vertical market. A few stand out from the pack, SoftwareIDM’s Identity Panel Suite being one such case.
- It has an intimate understanding of MIM (and Azure AD Connect), having been originally written as a system to manage MIM, to display and report on MIM identity data, and to plug gaps in MIM’s capabilities
- It is Microsoft-friendly, using AD or Azure AD as its own authentication mechanisms, and seeks to plug gaps in the Microsoft feature set rather than to replace the Microsoft identity stack (though there are overlaps)
- It is almost* a total feature for feature replacement for MIM – though it, too, is not “MIM in the cloud” (the authors having also concluded that they can improve on MIM)
- It is available either as an on-premises or as a true SaaS app
- It can happily co-exist with, and enhance, MIM – or it can take over some or all of the MIM workloads
* There are a (very) few workloads that the Identity Panel Suite does not attempt to reproduce – always for good reason. For example, self-service password reset is better done by Azure AD.
For these reasons Oxford Computer Training, which has been in a large part dedicated to MIM throughout its lifecycle, is taking a considerable interest in the Identity Panel Suite. We have put on a number of webinars, written blogs, and we are now writing training courses it. In this article we introduce Identity Panel Suite, and direct you towards further information.
Identity Panel Suite
The Identity Panel Suite consists of four applications, sitting on the Identity Panel framework
Identity Panel itself provides the common services required by the four applications: connectivity, scheduling, visualization, workflows, reporting, health checks, diagnostics and much more. It can take a great deal of pain out of compliance and audit with SoftwareIDM’s Identity Panel, allowing you to readily answer such questions as:
- What roles did John Smith have in the ERM system on July 22nd?
- Who was a member of the HR administrators’ group at 10am on August 14th?
- What are Jane Doe’s Office 365 memberships, who authorized them, and when?
- Which accounts are not being used?
- What accounts exist in one system, with no equivalent in another?
- And so on…
It can also let you know if someone changes the production configuration of Microsoft Identity Manager (MIM), Azure AD Connect, or Identity Panel Suite itself.
The Applications
Looking now at the four applications:
- HyperSync Panel can be thought of as equivalent to the MIM Synchronization Service
- Service Panel can be thought of as equivalent to the MIM Portal
- Access Panel can be thought of as equivalent to BHOLD
- Test Panel does not have an equivalent in MIM, though it is perhaps something which should have been – an application for rigorous testing of a MIM implementation (or any system for synchronizing your identities).
While we can make these rough equivalences with MIM, they also stand alone, offering many features and capabilities that MIM does not have.
HyperSync Panel
HyperSync Panel, in particular is generating a lot of interest. Probably this is because:
- Every MIM implementation utilizes the synchronization service whether or not it uses other features (like BHOLD or the Portal), and
- Microsoft has not (yet) clearly indicated that there will be something to replace it.
For a proper understanding of HyperSync Panel, watch this webinar recording which describes and demonstrates the capabilities of HyperSync Panel, rapidly and succinctly.
Questions asked during this webinar included:
- With our current rule extension in MIM sync, we have a dynamic API call to an external system. Can HyperSync incorporate this capability if it does not translate into one of the existing declarative functions?
- On what environment does Identity Panel Suite run? Is it a local on prem server/service or is it a cloud based solution?
- Are there materials available which give an overview of all these functionalities for the suite?
- Are there reports/auditing for finding orphaned accounts in AAD but not in the hyperverse/HR, for example?
- Can I connect to other systems via API (SOAP, REST)?
- Is there SCIM support for other cloud services?
- Does it have workflows that can execute PowerShell (like MIMWAL)?
See the answers to these questions – and more! – here.
Other Applications
Look out for webinars and blogs in the future which will cover Service Panel and Access Panel.
Summary
Taken as a whole, SoftwareIDM’s Identity Panel Suite offers a range of powerful tools to enable you to manage, monitor, and report on your cloud and on-premises identities with ease.