Time is Running out for ILM
Now’s the time to upgrade from ILM to MIM. If you are still running ILM, and we know some people are, there are two important things to consider: 1) you’re missing out on many compelling features offered by MIM, and 2) ILM reaches the end of its extended support in July 2017, so now is the perfect time to look at how MIM can enhance your identity lifecycle management system. Here are just five of the very many reasons to upgrade.
1 Self-Service Password Reset
Enabling end users to reset their own passwords without initiating a call to the helpdesk continues to be a major challenge for today’s IT departments. MIM has a self-service password reset (SSPR) capability with several different options for registration. MIM SSPR can even be deployed to the Windows desktop so that a user won’t have to use their phone or a co-worker’s PC to perform the reset process.
2 Advanced Group Management
ILM does not offer advanced group management, but MIM brings the group management functionality front and center in the user portal. MIM’s self-service functionality can further reduce helpdesk costs by allowing users to request access to groups and, if necessary, trigger the approvals required for those requests: this is perfect for distribution list management. Group membership can be calculated on attribute values providing birthright access and ongoing evaluation of membership during the user lifecycle, reducing the need for manual intervention, and increasing the inherent security of the environment.
3 Workflow Engine
One of the underpinnings of the MIM user portal is its workflow engine, which is an integral tool to bring business processes into automation. Typically, the workflows are used for approvals, group membership requests, or attribute changes, but it can be expanded to do many things, particularly the event-based, one-time actions that the state-based Synchronization Engine handles only with significant effort.
There are even custom additions to the workflow activity library that can be added to a MIM portal installation, covering scenarios which are not directly supported by the out-of-the-box workflow activities. These include Oxford Computer Group’s OCG Brix and Microsoft’s MIMWAL.
Unlike ILM, MIM gives you native capabilities to meet various reporting requirements, providing out-of-the-box reports on who asked for access, when they received access, and who approved it, helping to satisfy questions brought up by auditors. In addition, the reporting platform allows for complete customization – both of the long-term storage for audit data and the reporting itself.
If you need lightweight reporting, MIM offers hybrid reporting using Microsoft’s Azure cloud. You can access reports through your Azure portal without the need for additional infrastructure – all you need is a lightweight on-premises agent which uploads the relevant events to Azure.
If more advanced reporting is needed, MIM offers a full suite of reporting suite using System Center Service Manager and its data warehousing capabilities. Reports can be customized and subscriptions can be built so that they are distributed automatically.
The expiration date (July 11, 2017) for ILM’s extended support date is fast approaching, meaning you won’t be able to access support resources for your IAM solution. Your organization will not be able to meet regulatory requirements that force the use of supported software. Even mainstream support for Windows Server 2012 R2 ends at the start of 2018 – so it is time to plan a general modernization!
Migrating away from ILM will allow you to decommission older platforms and move to more modern, secure (and supported!) platforms such as Windows Server 2016 and SQL Server 2016, since MIM is fully supported to run on the latest infrastructure platforms.
The user portal has cross-browser support and can be securely deployed externally using the Azure App Proxy or Web Application Proxy.
Upgrade ILM to FIM 2010 R2 and then upgrade to MIM
This upgrade process should include an investigation of the existing ILM configuration and a review that ensures that the desired functionality is supported in MIM and meets best practices. OCG has performed many upgrades and has the knowledge and experience to help you in this task.
Install MIM as a new install, and migrate the ILM functionality to the new platform.
This process allows for a deeper review and allows for easier enhancement to your new MIM platform. This process has the advantage of using the new features of MIM upon go live rather than enabling them in post-go live. In addition, the existing ILM platform can coexist with MIM, allowing a staged feature migration, which can be valuable in complex environments.
The Microsoft identity management platform has been through several versions (and names) in its time: Microsoft Identity Integration Server 2003 (MIIS), Identity Lifecycle Manager 2007 (ILM), Forefront Identity Manager 2010 (FIM), and most recently, Microsoft Identity Manager 2016 (MIM). Whatever it’s been called, the system still provides the world-class synchronization features that it always has.
We can help you upgrade from ILM to MIM with information about the migration process, as well as direct support during your migration. Talk to us today! Email firstname.lastname@example.org or call us on +1 877-862-1617.