So I’ve been learning SailPoint IdentityNow (IDN), and I’ve been racking my brains trying to match it against what I know about MIM, to relate the terms and work out how they are the same or similar but go by different names in each product.
I have put together a little comparison table of the most common things I have understood so far, worded the way they are termed differently in MIM and IDN.
I am not an expert in either, and I’m not saying these are all strictly correct or that one product is better than the other (by the way, there is no right answer to that; each has clear pros and cons depending on what you want in a product). I’m just trying to bridge the gap in understanding what each concept is called in the other product.
| MIM | IdentityNow (IDN) |
| --- | --- |
| Has various attribute types like integer, string etc. | Everything is essentially defined as a string. |
| Direct via an MA, which has config parameters. | Done via a VA (Virtual Appliance), a lightweight custom Linux VM deployed on the customer side (think of it as a secure tunnel from cloud IDN into your network). |
| Management Agents (MA): individual connectors connected to sources. | Called a Source, downstream or upstream. |
| Connector Space (CS): staging area for data in a connector. | Shows up in the Accounts tab of the Source. |
| Objects which have not been connected to the MV. | Called "Uncorrelated Accounts" under the import data tab of the source. |
| Where all the identities are connected to each MA; the fullest form of an identity, in essence. | The Identity List, which has links to all the sources. |
| Projection & Provisioning: each MA has the rules and mappings to project a CS into the MV and out to the external source as well. | Each Identity Profile has a mapping against a source and also provisioning rules. Sources which have an Identity Profile are called Authoritative Sources; ones which don't are called Non-Authoritative. |
| Rules which join CS objects to the MV based on defined criteria. | Called "Correlation" in the Source, where we define those criteria. |
| AD or MIM Groups. | Called Entitlements. It doesn't show groups the way MIM does, i.e. Group Management is not a thing; you do User Management with entitlements, i.e. group membership. |
| Importing objects from a connector into the CS. | Called "Account Aggregation" or "Entitlement Aggregation", which brings in the data. |
| AD Password Sync from the DC: done via PCNS. | Done via PWI (Password Interceptor). |
| Direct via the ADMA. | Needs a domain-joined computer with IQService installed. |
| Automation of logic: Sets / MPRs and Workflows in the MIM Portal. | Access Profiles, Roles and Identity Profiles in the IDN Portal. |
| Done via Workflows and other advanced methods like MIMWAL etc. | Called Rules, written in Java/BeanShell wrapped in XML. |
| Under the hood config: a lot of config is exported and modified as XML. | Extensive API access, mainly giving JSON output with a little XML as well. |
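To make the join / correlation rows above concrete, here is a small Python model of how correlation criteria get applied, added here as an illustration; it is not MIM or IdentityNow code, and the attribute names (employeeId/employeeNumber, email/mail), identity ids and account ids are constructed sample values. Criteria are tried in order, most specific first; the first criterion that yields exactly one identity wins, and an account that matches nothing, or matches more than one identity, is left uncorrelated, which is the set MIM shows as disconnectors in the CS and IDN shows as Uncorrelated Accounts on the source.

```python
"""Toy model of MIM join rules / IdentityNow correlation (added example,
not product code). Attribute names and sample values are constructed."""

# Constructed sample: identities from the authoritative source.
IDENTITIES = [
    {"id": "I1", "employeeId": "1001", "email": "ana@example.com"},
    {"id": "I2", "employeeId": "1002", "email": "bo@example.com"},
    {"id": "I3", "employeeId": "1003", "email": "cy@example.com"},
    {"id": "I4", "employeeId": "1004", "email": "shared@example.com"},
    {"id": "I5", "employeeId": "1005", "email": "shared@example.com"},
]

# Constructed sample: accounts aggregated from a non-authoritative source.
ACCOUNTS = [
    {"nativeId": "ana", "employeeNumber": "1001", "mail": "ana@example.com"},
    {"nativeId": "bo.old", "employeeNumber": "", "mail": "bo@example.com"},
    {"nativeId": "cy2", "employeeNumber": "1003", "mail": "other@example.com"},
    {"nativeId": "shared1", "employeeNumber": "", "mail": "shared@example.com"},
    {"nativeId": "svc-backup", "employeeNumber": "", "mail": ""},
]

# (identity attribute, account attribute) pairs, most specific first.
CRITERIA = [("employeeId", "employeeNumber"), ("email", "mail")]


def build_indexes(identities, criteria):
    """One lookup table per criterion: attribute value -> list of identity ids.
    Blank values are never indexed, so an empty employeeNumber cannot join."""
    indexes = []
    for id_attr, _ in criteria:
        index = {}
        for ident in identities:
            value = ident.get(id_attr)
            if value:
                index.setdefault(value, []).append(ident["id"])
        indexes.append(index)
    return indexes


def correlate(identities, accounts, criteria=CRITERIA):
    """Return (links, uncorrelated).

    links:        nativeId -> (identity id, criterion attribute that matched)
    uncorrelated: nativeId -> reason, either "no match" or "ambiguous"
    """
    indexes = build_indexes(identities, criteria)
    links, uncorrelated = {}, {}
    for account in accounts:
        reason = "no match"
        for (id_attr, acct_attr), index in zip(criteria, indexes):
            value = account.get(acct_attr)
            if not value:
                continue  # blank on the account side: try the next criterion
            candidates = index.get(value, [])
            if len(candidates) == 1:
                links[account["nativeId"]] = (candidates[0], id_attr)
                break
            if len(candidates) > 1:
                # More than one identity claims this value: do not guess,
                # leave the account for a human to review.
                reason = "ambiguous"
                break
        if account["nativeId"] not in links:
            uncorrelated[account["nativeId"]] = reason
    return links, uncorrelated


if __name__ == "__main__":
    links, uncorrelated = correlate(IDENTITIES, ACCOUNTS)
    for native_id, (identity_id, via) in links.items():
        print(f"{native_id:<12} -> {identity_id} (via {via})")
    for native_id, reason in uncorrelated.items():
        print(f"{native_id:<12} -> UNCORRELATED ({reason})")
```

Two details worth noticing: cy2 links to I3 on employeeNumber even though its mail differs, because the first criterion that matches wins, and shared1 stays uncorrelated rather than being guessed onto one of two identities. Both the "no match" and the "ambiguous" buckets are exactly the accounts an identity governance review is meant to surface, since an account nobody owns is the classic orphan-account risk.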
Feel free to correct me where I am wrong, and if you want me to add something else or explain something in more detail, do reach out.
Hopefully it made sense to someone!!!