So I’ve been learning SailPoint IdentityNow (IDN) and I am racking my brains trying to match it against what I know about MIM, make sense of it, and relate the terms that are the same or similar but have different names in each product.
I have put together a little comparison table showing the most common things I have understood to date, and tried to put into words how they are termed differently in MIM and IDN.
I am not an expert in either, and I am not saying these are entirely correct or that one product is better than the other (by the way, there is no right answer to that; each has clear pros and cons depending on what you want in a product); I am just trying to bridge the gap in understanding what they are in each.
Concept | MIM | SailPoint IDN
---|---|---
Data Type | Has typed attributes such as string, integer, boolean, reference, binary and datetime. | Essentially everything is treated as a string (single- or multi-valued).
Connection | Direct from the MIM Sync server via the MA, which holds the connection parameters. | Done via a VA (Virtual Appliance), a lightweight Linux VM deployed on the customer side that makes an outbound connection to the IDN tenant (think of it as a secure tunnel from cloud IDN into your network).
Management Agents (MA) | Individual connectors, one per connected system. | Called a Source, whether it is upstream (authoritative, feeding identities in) or downstream (a target that receives provisioning).
Connector Space (CS) | Staging area holding the objects imported from, or to be exported to, the connected system. | Shows up in the Accounts tab of the Source.
Disconnectors | CS objects that are not joined to any MV object. | Called "Uncorrelated Accounts", listed under the Import Data tab of the Source.
Metaverse (MV) | The central store where each identity is joined to its CS objects across all MAs; in essence the fullest form of the identity. | The Identity List, where each identity links to its accounts on all the sources.
Projection & Provisioning | Each MA has the rules and attribute flow mappings to project CS objects into the MV and to provision them out to the connected system. | Each Identity Profile maps the attributes of one source into identity attributes and also holds the provisioning settings (lifecycle states). Sources that have an Identity Profile are called Authoritative Sources; ones that don't are Non-Authoritative.
Join Rules | Rules that join CS objects to existing MV objects based on defined criteria. | Called "Correlation", configured on the Source, where the same kind of matching criteria are defined.
Groups | AD groups or MIM-managed groups. | Called Entitlements. IDN does not manage groups as objects the way MIM does, i.e. group management is not a thing; you manage users by granting entitlements, i.e. group memberships.
Import | Importing objects from the connected system into the CS. | Called "Account Aggregation" or "Entitlement Aggregation", which bring the data into the Source.
AD Password Sync from DC | Done via PCNS (Password Change Notification Service) installed on the domain controllers. | Done via PWI (Password Interceptor) installed on the domain controllers.
AD Write | Direct via the ADMA. | Needs a domain-joined Windows computer with IQService installed, which the VA talks to.
Automation of logic | Sets, MPRs and Workflows in the MIM Portal. | Done via Access Profiles, Roles and Identity Profiles (lifecycle states) in the IDN portal.
Advanced Rules | Done via Workflows and other methods such as MIMWAL. | Called Rules, written in BeanShell (Java syntax) wrapped in XML.
Under-the-hood config | A lot of config is exported and modified as XML. | Extensive REST API access, mostly returning JSON, with some XML as well (e.g. rules).
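
As an added illustration (not SailPoint or Microsoft code, and not part of the original post), the Python sketch below implements the join/correlation semantics that the "Disconnectors" and "Join Rules" rows describe: criteria are evaluated in order, an exact single match joins the account to an identity, no match leaves it uncorrelated (a disconnector), and a criterion that matches several identities is flagged rather than silently resolved, since neither product should be trusted to guess. The identities, accounts and attribute names (employeeId, mail, etc.) are constructed sample data, not a real tenant's configuration.

```python
"""Toy correlation/join engine (added example, not SailPoint or Microsoft
code). Shows the shared semantics of MIM join rules and IDN correlation.

Assumptions (hypothetical): the identities, accounts and attribute names
below are constructed sample data. Real MIM/IDN behaviour is configured in
the product, not written like this."""

# Ordered criteria: (identity attribute, account attribute).
# The first criterion that yields exactly one identity wins; both MIM join
# rules and IDN correlation criteria are evaluated in a defined order.
CRITERIA = [
    ("employeeId", "employeeNumber"),
    ("email", "mail"),
]

# Constructed sample data: the "Identity List" / Metaverse side.
IDENTITIES = [
    {"id": "I1", "employeeId": "1001", "email": "alice@example.test"},
    {"id": "I2", "employeeId": "1002", "email": "bob@example.test"},
    {"id": "I3", "employeeId": "1003", "email": "bob@example.test"},  # duplicate mail
]

# Constructed sample data: accounts aggregated into one Source / CS.
ACCOUNTS = [
    {"nativeIdentity": "alice", "employeeNumber": "1001", "mail": "alice@example.test"},
    {"nativeIdentity": "bob", "employeeNumber": "", "mail": "bob@example.test"},
    {"nativeIdentity": "svc-backup", "employeeNumber": "", "mail": ""},
    {"nativeIdentity": "carol", "employeeNumber": "1003", "mail": "carol@example.test"},
]


def normalise(value):
    """Compare as a trimmed, case-folded string (IDN treats attributes as
    strings; MIM would compare typed values)."""
    if value is None:
        return ""
    return str(value).strip().casefold()


def correlate(accounts, identities, criteria=CRITERIA):
    """Return (correlated, uncorrelated, ambiguous).

    correlated:   {nativeIdentity: identity id}
    uncorrelated: accounts no criterion matched (MIM disconnectors,
                  IDN "Uncorrelated Accounts")
    ambiguous:    accounts where a criterion matched more than one
                  identity. MIM reports a join error for this case; here
                  it is flagged for investigation rather than guessed.
    """
    correlated, uncorrelated, ambiguous = {}, [], []

    # One lookup index per criterion so each account is matched in O(1).
    indexes = []
    for id_attr, _ in criteria:
        index = {}
        for ident in identities:
            key = normalise(ident.get(id_attr))
            if key:
                index.setdefault(key, []).append(ident["id"])
        indexes.append(index)

    for acct in accounts:
        outcome = None
        for (_, acct_attr), index in zip(criteria, indexes):
            key = normalise(acct.get(acct_attr))
            if not key:
                continue  # blank values never join; they would match every blank
            matches = index.get(key, [])
            if len(matches) == 1:
                outcome = ("joined", matches[0])
                break
            if len(matches) > 1:
                outcome = ("ambiguous", matches)
                break
        if outcome is None:
            uncorrelated.append(acct["nativeIdentity"])
        elif outcome[0] == "joined":
            correlated[acct["nativeIdentity"]] = outcome[1]
        else:
            ambiguous.append((acct["nativeIdentity"], outcome[1]))
    return correlated, uncorrelated, ambiguous


if __name__ == "__main__":
    joined, loose, dup = correlate(ACCOUNTS, IDENTITIES)
    print("correlated:", joined)
    print("uncorrelated:", loose)
    print("ambiguous:", dup)
```

Running it correlates `alice` and `carol` by employee number, leaves the service account uncorrelated, and flags `bob` because two identities share the same mail address; that last case is the one to watch in either product, since a loose second criterion (email, display name) is how an account ends up joined to the wrong person.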
Feel free to correct me where I am wrong, and if you want me to add something else or explain something in more detail, do reach out.
Hopefully it made sense to someone!