So I’ve been learning SailPoint IdentityNow (IDN) and I am rattling my brains trying to match what I know about MIM and make sense in my brain and relate to the terms and how they are the same/similar but have different names in each product.
I have done up a little comparison table showing the most common things I have understood to date and tried to put into words the way they are termed differently in MIM and IDN.
I am not an expert in either and am not saying they are essentially correct or which product is better than the other (btw there is no right answer to that – each has clear pros and cons depending on what you want in a product), but I am just trying to bridge the gap in understanding what they are in each.
| Concept | MIM | IDN |
|---|---|---|
| Data Type | Has various types such as integer, string, etc. | Everything is essentially defined as a string. |
| Connection | Direct via the MA, which has config parameters. | Done via a VA (Virtual Appliance), which is a lightweight custom Linux VM deployed at the customer side (think of it as a secure tunnel from cloud IDN to your network). |
| Management Agents (MA) | Individual connectors connected to sources. | Called a Source, downstream or upstream. |
| Connector Space (CS) | Staging area for data in a connector. | Shows up in the Accounts tab in the Source. |
| Disconnectors | Objects which have not connected to the MV. | Called "Uncorrelated Accounts" under the import data tab of the source. |
| Metaverse (MV) | Where all the identities are connected to each MA; in essence, the fullest form of the identity. | Identity List, which has links to all the sources. |
| Projection & Provisioning | Each MA has the rules and mappings to project a CS into the MV and to the external source as well. | Each Identity Profile has a mapping against a source and also provisioning rules. Sources which have an Identity Profile are also called Authoritative Sources, and ones which don't are called Non-Authoritative. |
| Join Rules | Rules which join CS objects to the MV based on defined criteria. | Called "Correlation" in the Source, where we define those criteria. |
| Groups | AD or MIM Groups | Called Entitlements. It doesn't show groups as MIM does, i.e. Group Management is not a thing. You do User Management with entitlements, i.e. group membership. |
| Import | Importing objects from a connector to the CS. | Called "Account Aggregation" or "Entitlement Aggregation", which brings in the data. |
| AD Password Sync from DC | Done via PCNS | Done via PWI (Password Interceptor) |
| AD Write | Direct via ADMA | Needs a domain-joined computer with IQService installed. |
| Automation of logic | Sets / MPRs and Workflows in the MIM Portal. | Done via Access Profiles, Roles and Identity Profiles in the IDN Portal. |
| Advanced Rules | Done via Workflows and other advanced methods like MIMWAL etc. | Called Rules, written in Java/BeanShell wrapped in XML. |
| Under the hood config | A lot of config is exported and modified in XML. | Extensive API access, mainly giving JSON outputs with a few XML as well. |
Feel free to correct me where I am wrong, and/or if you want me to add something else or explain something in more detail, do reach out.
Hopefully it made sense to someone!!!