idmOne - Custom FIM MIM Support and Development

Since you’re reading this, you’re probably wondering – what exactly is Microsoft Identity Manager (MIM)?

State-Based Identity Management

Microsoft Identity Manager (MIM) is a state-based identity management platform which allows organizations to manage users (identities), credentials (certificates), policies (who can do what to what), and access to systems. Because it is state-based and not event-based, identities across connected systems are able to be reconstructed in the event of a catastrophic outage.

Single Pane of Glass: One Identity

This also allows a single aggregate view of a user’s identity date from multiple platforms.

Hybrid Cloud Identity Support

MIM supports both on-premise identities, and hybrid scenarios where identities are managed in Active Directory and in the cloud in Azure Active Directory through Azure Active Directory Connect. With some customization, you can manage your Microsoft Office 365 entitlements and licensing as well.

Automation and Workflows

With automated workflows that transforms your organization’s joiner/leaver/mover business logic into related changes within the connected platforms across your entire environment, MIM simplifies your user lifecycle management and reduces risk from residual unmanaged accounts and privileges.

Multiple Identies Per User

MIM offers the ability to manage multiple identities for a single user. Developers who require accounts in multiple environments such as Dev, Test, Pre-Prod and Production? No problem. Privileged accounts that should be revoked when an admin leaves the organization? Again, all in a day’s work.

GAL Synchronization

Another prime use that MIIS was immediately known for was GAL Synchronization – maintaining Exchange Global Address Lists (GAL)s for customers that have multiple email environments and need to maintain a consistent address book experience for their users.

That GALSync functionality has continued to be heavily utilized worldwide, with Microsoft providing a pre-packaged GAL MA. We do a lot of GALSync work here for DOD environments due to the large user population and widely segregated environments. If you’re a DOD or IC customer looking for integration with the DISA GAL (IdSS), we can help.

Password synchronization

MIM can capture password changes in a source Active Directory environment and flow them to connected systems throughout your environment utilizing a service called Password Change Notification Service (PCNS). Minimizing multiple password changes reduces the chance that users will write down their multiple passwords, or forget them and call the help desk to have them reset.

MIM Self-Service Portal

One of the big customer requests in the initial MIIS/ILM days was a portal for administration and user self-service. With FIM 2010, those requests were answered. Now users can modify white pages attributes for themselves, manage security and distribution membership, and perform other delegated tasks as defined by business policy.

BHOLD: Role Based Access Control (RBAC)

With the acquisition of BHOLD, Microsoft added robust RBAC capabilities to MIM.

MIM ECMA Development

MIM provides connectors to the most common systems natively out of the box.

Because MIM is extensible, you can use the Extensible Connectivity Management Agent v2 (ECMA2) framework to create connectors to any of your legacy systems.

MIM Codeless provisioning

Prior to the portal introduction in FIM 2010, enterprises relied on their application development shops to develop and manage the code to make MIIS & ILM work. This didn’t jive well since the sync engine administration typically fell under the same admins that managed AD and/or Exchange. Those guys are great at what they do, but they’re not .NET developers!

With the introduction of codeless provisioning and Sync Engine rules in FIM 2010, we finally see the de-coupling of identity management administration from the development shop. Administrators can manage provisioning logic and attribute flow through a web-based UI with rules that are (mostly) easy to understand and manage. Yahtzee!

Self-Service Password Reset (SSPR)

User password resets and account unlocking consume an extremely high percentage of a help desk’s time. MIM provides a self-service password reset portal that allows users to answer challenge/response questions to reset their password and/or unlock their account without the need to call the helpdesk.

MIM also supports Multi-Factor Authentication (MFA) for password resets to enhance operational security.

Privileged Access Management (PAM)

MIM PAM allows Just-in-Time administrator access to resources as needed, then revokes this access when the allotted time expires. By utilizing a separate bastion AD forest to house the priviliged accounts, your organization’s attack vector is significantly reduced.

Microsoft Identity Manager Makes Sense in the Microsoft Ecosystem

One of the reasons that all of the versions of MIM have been adopted so quickly is the proliferation of Microsoft products throughout enterprises everywhere.

MIM leverages standard Microsoft platforms:

Why not make the most of current investments in those platforms and use technology that your administrators already understand!

Microsoft-Identity-Manager-Logo

MIM Native Connectors

  • Active Directory Domain Services (ADDS)
  • Active Directory Global Address List (GAL)
  • Active Directory Lightweight Directory Services (AD LDS)
  • Attribute-value pair text file (AVP)
  • Delimited Text File
  • IBM DB2 Universal Database
  • IBM Directory Server
  • Novell eDirectory
  • Oracle Database
  • Microsoft SQL Server
  • Oracle Directory Server
  • Windows PowerShell
  • Microsoft Azure Active Directory
  • Generic LDAP
  • Generic SQL
  • Directory Services Mark-up Language (DSML)
  • Fixed-Width text file
  • LDAP Data Interchange Format (LDIF)
  • Microsoft Graph
  • SAP ECC, Oracle Peoplesoft, Oracle eBusiness Web Services
  • Delimited text file
MIM GALSync Logical Layout

Microsoft Identity Manager Product History

1999 – Zoomit Via

Microsoft acquires the Canadian company Zoomit, and their product Via was rebranded Microsoft Metadirectory Services (MMS).

1999 to 2003

The product group worked on a complete overhaul of the product, utilizing the .NET Framework instead of Zoomit’s proprietary Zscript scripting language.

2003 – Microsoft Identity Integration Server

This newly-developed product was released as Microsoft Identity Integration Server (MIIS 2003). The critics were wowed, and adoption spread fast.

2007 – Identity Lifecycle Manager

MIIS iss rebranded Identity Lifecycle Manager 2007 (ILM), and the product incorporated Certificate Lifecycle Manager (CLM) to manage smart card and digital certificates.

2010 – Forefront Identity Manager

Forefront Identity Manager 2010 (FIM). Originally branded as ILM2, the product is incorporated into the Forefront suite of security products.microsoft-forefront-identity-manager-logo

2012 – FIM 2010 R2

FIM 2010 Release 2 (R2) is released. This includes the BHOLD product for RBAC, improved reporting, performance improvements, and support for all web browsers for SSPR.

2016 – Microsoft Identity Manager

The product is decoupled from the Forefront suite, and rebranded as Microsoft Identity Manager 2016 (MIM).

2021 – MIM End of Life

In January 2021, MIM mainstream support ended. Enterprise customers can still purchase extended support at a steep premium.

idmOne offers MIM Extended Support and maintenance contracts at a fraction of the cost. Let us help you keep your environment clean and healthy while your organization shifts to a modern identity platform.