This article, published on the MiniTool official page, introduces an identity management product developed by Microsoft: Forefront Identity Manager. It covers the definition, function, version history, and special characteristics of FIM, as well as the differences between FIM and Azure AD Connect.
What Is Microsoft Identity Manager (MIM)?
Microsoft Identity Manager, also called Forefront Identity Manager (FIM) or Microsoft Forefront Identity Manager, is state-based identity management software designed to manage users’ digital identities, credentials, and group memberships throughout the lifecycle of their membership in an enterprise computer system.
Forefront Identity Manager integrates with Microsoft Active Directory (AD) and Microsoft Exchange Server to offer identity synchronization, certificate management, user password reset, and user provisioning from a single interface.
Microsoft Identity Manager Version History
MIM is part of the Microsoft Identity and Access Management (IAM) product line. It superseded Microsoft Identity Lifecycle Manager (ILM) and was known as ILM 2 during development.
1. Identity Lifecycle Manager 2007
ILM 2007 was created by merging Microsoft Identity Integration Server 2003 (MIIS) and Certificate Lifecycle Manager (CLM).
2. Forefront Identity Manager 2010
FIM 2010 builds on the Windows Workflow Foundation concept and uses transactional workflows to manage and propagate changes to a user’s state-based identity. This contrasts with most competing products, which are transaction-based and have no state-based element. Administrators can create workflows in the web-based graphical user interface (GUI) of the ILM 2 portal, and can also include more complex workflows designed outside the portal by importing XAML files.
3. Forefront Identity Manager 2010 R2
FIM 2010 R2 (Release 2) was released in June 2012. It adds the capabilities listed below.
- Improved self-service password reset that supports all current web browsers.
- Improved reporting engine via the System Center Service Manager and MS SQL Server Reporting Services (SSRS).
- Improved performance, simplified deployment & troubleshooting, better documentation, and more language support.
- Role-Based Access Control (RBAC) through the acquisition of BHOLD.
- A WebServices Connector to connect to SAP ECC 5/6, Oracle PeopleSoft, and Oracle eBusiness.
4. Microsoft Identity Manager 2016
MIM 2016 is built on the identity and access management capabilities of Forefront Identity Manager; both help manage the users, credentials, policies, and access within your organization. In addition, MIM 2016 adds a hybrid experience, privileged access management capabilities, and support for new platforms.
5. Microsoft Identity Manager 2016 SP2
MIM 2016 Service Pack 2 is a rollup of the hotfixes released since MIM 2016 SP1. It also introduces the option to run the Microsoft Identity Manager Synchronization Service and the Microsoft Identity Manager Service under Group Managed Service Accounts (gMSA), which removes the need to manage those service account passwords by hand. Moreover, MIM 2016 SP2 allows MIM to be deployed alongside newer versions of the supporting platform software.
Codeless Provisioning of Microsoft Identity Manager
Forefront Identity Manager introduces the concept of “codeless provisioning”, which enables administrators to create objects in any connected data source without writing code in a .NET Framework language.
The codeless provisioning offered by MIM should cover most simple-to-medium-complexity account lifecycle management scenarios. FIM fully supports existing MIIS implementations, and “traditional” coded provisioning can run side by side with codeless provisioning.
Microsoft Identity Manager vs Azure AD Connect
In general, Azure Active Directory (AD) Connect is based on MIM, and the two share a lot of code, UI, and behavior. Yet they are still different.
The primary component of Azure AD Connect is Sync, which is usually what people mean when they say “Azure AD Connect”. The primary component of MIM, by contrast, is the synchronization service. Although the two are functionally similar and most of what can be done in Azure AD Connect can also be done in MIM, their architectures differ.
The biggest architectural difference is that most of what can be customized in MIM isn’t supported in Azure AD Connect, which is designed as a wizard-driven tool that meets the requirements of specific scenarios.
Present in Microsoft Identity Manager But Not in Azure AD Connect
- A portal for managing users and groups, running workflows, and offering self-service features such as group management, password reset, and white pages.
- Microsoft Identity Manager certificate management.
- The ability to receive passwords from AD and send them to other systems using Password Change Notification Service (PCNS).
Present in Azure AD Connect But Not MIM
- The ability to receive Azure AD password changes and feed them to AD.
- The ability to flow AD password hashes to Azure AD.
- Authentication services either via federation or its passthrough authentication agent.
- An agent that can provision AD with Workday users (though MIM can be made to do this).
- The Rules Editor application.
Synchronization Comparison
Microsoft Identity Manager is designed as a generic tool for synchronizing sources of identity data such as users and groups. It’s highly flexible but does almost nothing out of the box: MIM requires a great deal of configuration, and usually custom code as well, to do anything useful.
Azure AD Connect is based on MIM and resembles it in many respects. However, it is configured in a completely different way. Much of it can be configured through a wizard; most of the rest is configured through a rules editor, using rules that are quite different from anything you will see in MIM.
Both Microsoft Identity Manager and Azure AD Connect can import or export identity data from or to just about any data source. Yet Azure AD Connect is intended only to connect all of your AD forests to your (single) Azure AD tenant; anything else isn’t supported.
As for synchronizing identity data, MIM can handle many more scenarios than Azure AD Connect, including many on-premises systems and even cloud systems.