I was asked some great questions at my recent webinar on SoftwareIDM’s Identity Panel, and there wasn’t time to respond to them all in full. So see below for the answers!
Can Identity Panel run on-prem?
Identity Panel normally runs on-premises. The simplest configuration is one server – and where MIM is involved this can be the MIM Synchronization Server. However, depending on the environment, and factors such as the need for high availability, several servers might be involved.
How are the credentials stored in Identity Panel?
Credentials are only stored when necessary. Most of the time, integrated authentication by the service account is preferred. When credentials are stored, they are protected by Windows DPAPI. Further details here.
Can you set up a connector for the FIM/MIM Portal?
Yes. It is usual to include a connector for the MIM portal (in addition to the sync service), if the MIM Portal is in use, as this allows additional information to be collected, such as requests and approvals.
Is it possible to configure Identity Panel for different types of users (such as admins, auditors, regular users, etc.)?
Yes. You can set up a number of roles (such as those suggested in the question), and then configure which features and objects are available to that role. The security model goes right down to each individual attribute (like JobTitle, EmployeeID or salary).
What are the permissions Identity Panel needs to run services/applications on a server?
Necessary permissions depend on what actions will be performed (just like MIM). All permissions are configured for local actions by the service account; the web server does not need permissions to perform actions over the network. For example, if you want the Panel service to operate MIM, it needs MIMSyncOperators, MIMSyncBrowse, and db_datareader on the MIM database. Further details here.
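One way to audit a service account against the rights named in that example, added here and not taken from SoftwareIDM or the original post. The account, domain and SQL instance are placeholders; it assumes the MIMSync groups are Active Directory groups, that the sync database uses the default name `FIMSynchronizationService`, that the database user is named after the login, and that the ActiveDirectory and SqlServer modules are installed.

```powershell
# Added example: compare the Panel service account with the rights the answer lists.
# Assumptions (not from the page): account/domain/instance names, AD-hosted groups,
# default sync database name, database user named the same as the login.
Import-Module ActiveDirectory
Import-Module SqlServer

$Sam      = 'svc-idpanel'                  # placeholder service account
$Login    = "CONTOSO\$Sam"                 # placeholder domain
$Instance = 'localhost'                    # placeholder SQL instance
$Database = 'FIMSynchronizationService'
$Required = 'MIMSyncOperators', 'MIMSyncBrowse'
$Broader  = 'MIMSyncAdmins', 'Domain Admins'   # more than operate/browse requires

function Test-GroupMember([string]$Group) {
    # -Recursive resolves nested groups, so indirect membership is counted too.
    $hit = Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.SamAccountName -eq $Sam }
    return [bool]$hit
}

$findings = @()
foreach ($g in $Required) { if (-not (Test-GroupMember $g)) { $findings += "MISSING group: $g" } }
foreach ($g in $Broader)  { if (Test-GroupMember $g)        { $findings += "EXTRA group: $g" } }

# Database roles held directly by the account's database user ('public' is implicit).
$sql = @'
SELECT r.name AS RoleName
FROM sys.database_role_members m
JOIN sys.database_principals r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$(acct)';
'@
$roles = @(Invoke-Sqlcmd -ServerInstance $Instance -Database $Database `
            -Query $sql -Variable "acct=$Login" | ForEach-Object RoleName)

if ($roles -notcontains 'db_datareader') { $findings += 'MISSING role: db_datareader' }
foreach ($r in $roles) {
    if ($r -ne 'db_datareader') { $findings += "EXTRA role: $r" }
}

if ($findings) { $findings } else { 'Account matches the rights listed in the example above.' }
```

An "EXTRA" finding is a prompt to review, since other Panel actions may legitimately need more than the operate-MIM case; roles granted through a group login do not appear in the SQL result.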