Microsoft Identity Manager
  • Updated on 25 Feb 2019

In this section we will look at Microsoft Identity Manager.

What is it?

Microsoft Identity Manager (MIM) is the latest iteration of a product from Microsoft that used to be called Forefront Identity Manager and before that Identity Lifecycle Manager.

The core use case for MIM is to synchronise users and identity across systems so that a user can access the systems they require.

One very important concept to note is that many modern applications support SSO, ADFS or Azure AD integration. In these cases you shouldn't need to use MIM to synchronise the users in these apps, because they should inherit claims and user setup from the SSO login process.

The main customer scenarios for MIM tend to be as follows:

  1. A customer has many on-premises applications which have their own user management modules which need to be synchronised, often in a two-way manner
  2. A customer has a user onboarding process which runs periodically and starts in an application, where MIM is used to synchronise the application with Active Directory

Features

  • Import user data and passwords from systems
  • Merge and match the users from different systems
  • Produce output to send back to systems to update their users
  • Ability to define rules for which fields from which systems take precedence
  • Workflows for complex user processes
  • User self service reset portal

Strengths

  • The merge and match capabilities are easy to set up, and it's quite easy to get up and running with a simple scenario
  • MIM implemented well is a reliable technology with low maintenance costs for many customers

Weaknesses

  • Most complex implementations of MIM have integration requirements beyond the out-of-the-box connectors. It's common to see complex ETL processes in tools like SSIS which need to be considered and managed
  • Some companies fall into the anti-pattern of using MIM to process data which is not related to an identity
  • Careful architectural consideration is needed to decide which patterns should be used, so that the identity platform can make effective use of the integration platform
  • The license costs are difficult to clearly understand

Dependencies

MIM has the following dependencies:

  • Windows Server
  • SQL Server for its database
  • IIS for the MIM portal

Hosting

MIM is hosted on Windows Server.

Costs

Based on our interpretation, the CAL license is needed for the Password Reset Portal and for complex workflows, which may not be required by your implementation. If this is the case, then you only need the server licenses for Windows and SQL.

If you need the CAL licenses, then the cost could increase significantly. It is best to check your requirements in more detail with the licensing guide.

Related Technologies

There aren't really any directly related technologies in the Microsoft stack; however, a MIM solution may often use things like BizTalk or SSIS to help provide integration to other applications.

Product Recommendation

Recommendation
We feel that Microsoft Identity Manager is a safe and reliable option for those customers who need it. It has been around for years and is a mature solution. If you are a new customer to MIM, you should review your architecture to make sure you need MIM, and keep the implementation as simple as possible, bearing in mind the comments above about how applications have changed the way they authenticate. For brownfield customers who already have MIM and FIM implementations wanting to upgrade and are still within a comfortable support window
