MIM (formerly Forefront Identity Manager, and Identity Lifecycle Manager before that) is a widely used service for managing user lifecycles and access rights in Active Directory.
Right now, it is moving into a well-earned retirement phase. But don’t worry, it’s not the end of the world. There are tools you can use in its place, and there’s still time to move to another service.
In simple terms, yes. It is no longer actively developed by Microsoft. Mainstream support for MIM ended in January 2021. Azure AD Premium customers can get extended support until 2026.
Still, for many organizations, it is time to look for a replacement.
Microsoft has turned its focus to Azure AD. Can it really replace MIM entirely?
As we consultants like to say: it depends. Let’s have a look at what you can use to manage identities and up your IAG game.
MIM can synchronize your Active Directory with multiple external systems to centralize the management of user accounts. Its key features include:
This is just a snapshot of its capabilities. MIM also facilitates RBAC (with BHOLD), PAM, certificate management and reporting, and many other functionalities.
For on-premises environments, it has been the cornerstone of Identity and Access Management for a very long time.
There are some scenarios where MIM still performs very well. This is especially true for environments based largely on-premises. Example use cases include:
You can also build custom workflows and connectors to integrate the platform with internal systems, such as Cisco Unified Communications Manager.
Does it mean MIM is the only option for identity management? Not necessarily. Especially considering that MIM will soon be decommissioned, it is a good time to start looking at alternatives.
The closest replacement is, of course, Azure AD. It has a range of features that enable simple identity and access management for internal and external users.
If you’ve got a cloud-first or hybrid environment, it’s a perfect choice.
Some important functionalities are not available in Microsoft Identity Manager 2016. These include:
If you’re looking to upgrade your identity and access governance, use Azure AD to plug these gaps.
Particularly for on-premises environments, there are some features in MIM that are currently not available in Azure AD. They include:
You could build your own solution to cover these functionalities, but that can be costly and time-consuming. There are already services on the market, such as Omada (disclaimer: they are our partner in the IAM space) or CyberArk.
They have the necessary integrations available out-of-the-box, so you may be able to take advantage of them instead. They are fully compatible with MIM, so you could use them during the transition period.
MIM was great for on-premises environments, but with more and more organizations moving towards the cloud, they’re starting to look for cloud-based replacements.
As we’ve indicated, Azure AD is the closest substitute. By adding third-party tools you can easily replace all of MIM’s features, and add many new ones.
Here are the first steps to developing your MIM migration roadmap:
To see which services to replace your MIM functionalities with, check out our dedicated guide below. Note that all included functionalities are available in Azure AD natively and no additional customization is required.