Importance of MIM
Microsoft Identity Manager (MIM) – along with its predecessors – has proved to be affordable, flexible and robust and, as a result, it has been deployed successfully in many different environments. Much of its functionality can be (and is being) smoothly migrated to the cloud (to Azure AD), but there are some functions which Azure AD does not cover, and which MIM covers very well. This should not be a surprise, because they are not alternatives – they are not trying to solve the exact same set of problems, but rather a somewhat overlapping set of problems.
MIM Support
MIM is currently under Fixed and Modern Lifecycle Policy. So MIM has the same Modern Lifecycle Policy for Support like Azure AD – but this is only available for Azure AD Premium Customers. With the Modern Lifecycle Policy there is no support end date for MIM, however it allows ending support with a 12 month notice. After that various paid for support options will be available – from Microsoft or partners like Oxford Computer Group (OCG) – and in any case your MIM solution will not suddenly stop working.
In the meantime, Microsoft continues to release features in its cloud offerings that can replace MIM functionality (although it is not yet a complete replacement). In addition, various Microsoft partners, such as OCG, are working on complex solutions to extend MIM with additional functions, to support the migration of MIM or even to replace MIM completely.
MIM alternatives
The options for an organisation until 2026 are:
- Replace MIM completely with Azure AD functionalities
- Replace most of the MIM functionality with Microsoft Cloud functionality and replace some remaining functionality by selecting and implementing a tool (presumably from a Microsoft-friendly vendor).
- Stay with MIM because the level of support needed can be provided by, for example, OCG
- Migrate to a different vendor altogehter. The risks of switching to another IAM vendor are discussed in detail in the original article
We would like to present a product that completely replaces the MIM Portal functionalities in detail.
IDABUS
Oxford Computer Group Germany (OCG DE) has produced some excellent extensions to the MIM Portal over many years, including a better interface, role management and reporting. IDABUS, from OCG DE’s subsidiary, IDABUS, is a cloud-based solution which does everything that the MIM Portal can do and much more (with the exception of things obviously done better by Azure AD, such as SSPR).
It is completely Azure-based (no local servers needed), and uses a subscription model. (An on-premises version is planned for high security environments, or customers without Cloud connections.) The feature set is that of the MIM Portal, plus
- Roles-based access control (RBAC)
- Reporting
- Very fast resource history, with restore options
- Event Graph, which is a representation of all data events related to any object in the system – a powerful tool for troubleshooting and auditing
- Preview/simulation/cancel/correct/resume features for workflows
- Workflows with complex scenarios (sophisticated approval flows)
- Time-triggered workflows
- Connection to any Rest API
- Extended XPATH language with visual builder
- Extensible schema (users, groups, roles, cost centers, org structures etc.)
- Configuration changes without downtime
- MIM migration Tool available (with security checks)
- In summary, IDABUS is the MIM Portal on steroids.
Quick reference
*The IDABUS development team is working with high priority on the development of its own synchronisation engine.
**Until the completion of our own synchronisation engine, we are using the MIM synchronisation engine. Therefore, both legacy provisioning and legacy HR import can be realised using an ECMA2 host.
***With the use of MIM's Synchronisation Engine, multiple sources of truth can also be realised.