What is MIM?
MIM stands for Microsoft Identity Manager, and is new for 2015. You can read about the initial release on the Active Directory Team Blog. In past years, Microsoft has offered an identity manager (FIM) as part of their largely deprecated Forefront offering. MIM is a modernized offering based on FIM that Microsoft is now making available as part of their Azure Active Directory Premium offering. The focus of MIM is to provide role management, certificate management, group management, password reset options and identity synchronization.
At its core, MIM was designed as an identity and access management framework for Azure and Windows Server Active Directory that can help control other systems as well. MIM looks at the state of attributes in the source identity store (the value of each attribute and whether it has changed) and synchronizes those attributes with the systems and apps it is connected to. In addition to identities, MIM can be used to enforce corporate security policies across the system infrastructure, thus providing a consistent and secure environment for businesses to work in.
Integration with IDM365
IDM365 uses its own directory store for identities and access permissions that can be read through a secure web API. Through this API, MIM can update the various systems it is set up to control with the attributes stored and managed in IDM365. Configured as a middleman, MIM works in the background to make sure all systems stay synchronized while following any rules and policies that have been defined for it regarding what actions to take.
Instead of an event-based approach, where systems are updated in response to actions as they are performed, MIM uses a monitoring, or state-based, approach to integration. It assumes one side is always right, thereby ensuring consistency across systems.
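The state-based approach described above, as an added example (a simplified model, not MIM or IDM365 code): the source store is treated as always right, and each pass computes the changes that bring a target back in line, including changes made directly on the target that no event ever reported. The attribute names, account names and the choice to disable rather than delete unknown accounts are assumptions made for illustration.

```python
# Simplified model of state-based synchronization.
# Constructed example: not MIM or IDM365 code; all names are hypothetical.
from typing import Dict, List, Tuple

Store = Dict[str, Dict[str, object]]  # account id -> attribute -> value
Op = Tuple[str, str, str, object]     # (action, account id, attribute, value)

MANAGED = ("department", "enabled", "groups")  # assumed managed attributes


def plan_sync(source: Store, target: Store, managed=MANAGED) -> List[Op]:
    """Return the operations that make `target` match `source`.
    The source is authoritative: any difference is resolved in its favour."""
    ops: List[Op] = []
    for acct, want in sorted(source.items()):
        have = target.get(acct)
        if have is None:
            ops.append(("create", acct, "*", {a: want.get(a) for a in managed}))
            continue
        for attr in managed:
            if have.get(attr) != want.get(attr):  # drift, whatever caused it
                ops.append(("set", acct, attr, want.get(attr)))
    # Accounts unknown to the source are orphans: disable them for review.
    for acct in sorted(set(target) - set(source)):
        if target[acct].get("enabled", True):
            ops.append(("set", acct, "enabled", False))
    return ops


def apply_ops(target: Store, ops: List[Op]) -> None:
    """Apply planned operations to the target store in place."""
    for action, acct, attr, value in ops:
        if action == "create":
            target[acct] = dict(value)
        else:
            target[acct][attr] = value


# Constructed sample data: the target has drifted from the source.
SOURCE = {
    "alice": {"department": "Finance", "enabled": True, "groups": ["finance-users"]},
    "bob": {"department": "IT", "enabled": False, "groups": []},
}
TARGET = {
    "alice": {"department": "Finance", "enabled": True,
              "groups": ["finance-users", "domain-admins"]},  # added out of band
    "bob": {"department": "IT", "enabled": True, "groups": ["it-users"]},
    "svc-old": {"department": "IT", "enabled": True, "groups": []},  # orphan
}
```

Running `plan_sync` again after `apply_ops` returns an empty plan, which is the convergence property an event-based integration cannot guarantee once a single event is missed.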
Features and advantages of using MIM
- Consistency across systems
- Policy enforcement based on rules and conditions that keeps things up to date
- Easy synchronization of user identities across Windows Server Active Directory, Microsoft Azure Active Directory, remote folders and more
- Enhanced self-service options for users that reduce help desk traffic
- Workflow-based certification of users
- Simplified administration of identity life cycles through workflows and business rules
- Improved security and compliance monitoring
- Simplified integration with systems through the large API and web services pool