Extending MIM Functionality to the Cloud webinar – questions and answers
Attendees asked some great questions at my recent Extending MIM Functionality to the Cloud webinar which featured SoftwareIDM’s Service Panel™ and Identity Panel™ – see below for the answers!
How are identities pulled from the HR system and created in AD without MIM on-premises?
This is most easily explained in this diagram:
All of MIM Sync’s imports and exports take place onsite via an agent called Panel Service™. Panel Service runs on-premises as Windows Service. Panel Service interfaces with the cloud apps (and Azure AD itself), with any on-premises apps (including HR), and finally, it interfaces back to Identity Panel via a single HTTPS connection. On the other side of Identity Panel, MIM’s Management Agents import and export to Identity Panel’s MIM Service Port™ using replacement management agents from SoftwareIDM. Identity Panel is therefore the link between MIM and the Panel Service running on-premises.
Are RCDCs eliminated by Service Panel? Are workflows, MPRs, and sets managed?
Simply put, yes. Identity Panel workflows bear little relation to portal workflows, but achieve the same ends. The more complicated answer has to start with asking ‘why replace the MIM Portal with the Service Panel?’ The MIM Portal provides a number of features:
- SSPR – which really should be migrated to Azure AD
- Group Management, which we can see will eventually be migrated to Azure AD, but in our hybrid world on-premises group management is still important – service panel provides this capability
- Self-service user management (notably requests for group membership) and white pages – Service Panel provides this capability
- Workflows, which have wide application, but can be summed up as event-based activities – Service Panel provides this capability
- Sync rule definition – this is a more contentious area: for years we have advocated using classic rules over portal rules (which were originally only intended as a proof of concept feature), and that facilitates an easy migration to Service Panel, after which you can forget about classic and portal rules, and instead use Service Panel’s simpler, UI method for modifying rules.
So by replacing the MIM Portal with Service Panel you can replace core functionality, and eliminate the need for other functionality (like RCDCs, Sets and MPRs) since Service Panel uses other mechanism.
MIM in the cloud no longer uses SharePoint underneath?
Correct – no MIM Portal, no requirement for (on-premises) SharePoint! However, Service Panel does support the MIM Portal SOAP API, and so it can front-end a MIM Portal hosted as a cloud service or on-premises, should that be required.
Can admins do all the same things in Identity and Service Panel as in the portal?
Well, no – but they don’t need to! If you want to use Portal Sync Rules (and we would recommend you don’t – see above) then you would still need the portal, but following the logic above, many portal admin features are no longer required, including:
- Portal Rules (They are replaced by Identity Panel’s Uplift™. Within Identity Panel Uplift, you can code using rules similar to the MIM Portal rules, but with more language features and functions – or you can write your MIM rules with PowerShell)
- RCDC config
- Search Scope config
- Navigation object config
- Home page config
- Portal config
- MPR and set definition (workflows in Identity Panel can apply to groups)
- Sync rule definition (see above)
- Etc.
Does Identity Panel support Workday?
Identity Panel supports importing Workday data for reporting, Time Traveler™, workflow, and for inclusion in Service Panel white-pages views. This is accomplished via the Workday reporting framework, which allows Identity Panel to manage the report refresh and download process via the scheduler. Oxford Computer Group has a WorkDay Management Agent, and also when MIM Service Port is released to a wide-audience this summer, it will include a built-in Workday Management Agent for MIM in the cloud.
Is SCSM reporting still needed or is it built in to Identity Panel?
SCSM is not needed, because Identity Panel has a complete reporting capability of its own (which has access to a complete history of your identity data). Not only is it more flexible and easier to configure, but it saves you a lot of infrastructure. Also you can include Azure AD Premium report data in your reports.
Is Identity Panel in the cloud something bundled with an M365 license or separate?
Quite separate, and available from SoftwareIDM.
View the entire webinar recording from January 22, 2019 by following the link below.
Interested in finding out more about SoftwareIDM’s Service Panel? Contact us, or utilize the links below.