So I’ve been learning SailPoint IdentityNow (IDN) and I am rattling my brains trying to match what I know about MIM and make sense in my brain and relate to the terms and how they are the same/similar but have different names in each product.
I have done up a little comparison table showing the most common things I have understood to date and tried to put into words the way they are termed differently in MIM and IDN.
I am not an expert in either and not saying they are essentially correct or which product is better than the other (btw there is no right answer to that – each has clear pros and cons depending on what you want in a product) but just trying to bridge the gap on understanding what they are in each.
Concept | MIM | SailPoint IDN |
---|---|---|
Data Type | Has various like integer, string etc. | Everything is defined as string essentially. |
Connection | Direct via MA which has config parameters. | Done via a VA (Virtual Appliance) which is a lightweight custom Linux VM deployed at customer side (think of it as a secure tunnel from cloud IDN to your network). |
Management Agents (MA) | Individual connectors connected to sources. | Called a Source - Downstream or upstream. |
Connector Space (CS) | Staging area for data in a connector. | Shows up in the Accounts tab in the Source. |
Disconnectors | Objects which had not connected to MV. | Called "Uncorrelated Accounts" under the import data tab of the source. |
Metaverse (MV) | Where all the identities are connected to each MA and the fullest form of it in essence. | Identity List which has links to all the sources. |
Projection & Provisioning | Each MA has the rules and mappings to project a CS into MV and to the external source as well. | Each Identity Profile has a mapping against a source and also provisioning rules. Sources which have an Identity Profile are also called Authoritative Sources and ones which don't are called Non-Authoritative. |
Join Rules | Rules which join CS objects to MV based on defined criteria. | Called "Correlation" in the Source where we define those criteria. |
Groups | AD or MIM Groups | Called Entitlements. It doesn't show groups as MIM does i.e. Group Management is not a thing. You do User Management with entitlements i.e. group membership. |
Import | Importing objects from a connector to CS. | Called "Account Aggregation" or "Entitlement Aggregation" which brings in the data. |
AD Password Sync from DC | Done via PCNS | Done via PWI (Password Interceptor) |
AD Write | Direct via ADMA | Needs a domain joined computer with IQService installed. |
Automation of logic | Sets / MPR and Workflows in MIM Portal. | Does it via Access Profiles, Roles and Identity Profiles in IDN Portal. |
Advanced Rules | Done via Workflows and other advanced methods like MIMWAL etc. | Called Rules, written in Java/BeanShell wrapped in XML. |
Under the hood config | Lot of config is exported and modified in XML. | Extensive API access mainly giving JSON outputs with few XML as well. |
Feel free to correct me where I am wrong and/or if you want me to add something else or explain something in more detail, do reach out.
Hopefully it made sense to someone!!!
7 Comments
Suryendu Bhattacharyya · 11/04/2020 at 2:57 AM
Hi, can you share with me a few use cases for which MIM will be better suited than Saviynt? I do not have much experience with either of the products but from my limited experience I think you can achieve all the scenarios by using Sailpoint that can be done via MIM but the reverse is not always true (without a lot of custom configuration).
admin · 11/04/2020 at 12:13 PM
I am not familiar with Saviynt. But MIM is good for simple sync from point A to B when everything is Microsoft. SailPoint is good for IGA and multiple connectors OOTB which MIM doesn’t come with.
michael · 01/27/2021 at 11:19 AM
I may have to navigate further into your threads, but did you transition from FIM to Sailpoint? If so, do you have a link to your thread?
Thank you in advance.
Michael · 02/12/2021 at 3:40 AM
Hello, were you able to transition successfully from FIM/MIM to Sailpoint (IdentityNow)?
admin · 02/12/2021 at 8:03 AM
Hi Michael.. I have worked for clients who have done it. There are pros and cons to each product but keeping the limitations in mind above, you can transition.
Ironically it’s one of the more popular transitions I am seeing these days, along with systems which are just running on age-old scripts under someone’s desk 🙂
Michael · 02/12/2021 at 8:55 AM
Thank you for your response. I’ve been researching doing this transition. I don’t seem to see any procedures/documentation. Do you know of any by any chance?
admin · 02/12/2021 at 10:57 AM
Not really.. it will be a full project for such and won’t be a simple lift and shift..