What is most valuable?
- Provisioning and life-cycle management
- Portal for identity management administration
- Extensible framework for the development of custom management agents
- Service Oriented Architecture for the integration of portal and clients with FIM service
- Password Synchronization
- Criteria based group management
- Group membership approval
How has it helped my organization?
As an identity and access management consultant, I deploy FIM to clients looking to implement security controls through the automated provisioning of user accounts and improve operational efficiencies in managing digital identities. This typically leads to a better security posture and reduced operational costs as well as improvements through self-service capabilities.
What needs improvement?
- Customised Reporting functionality
- Management of multi-valued attributes for managed identities (this can be achieved through use of the available extensible components for workflows; however, this is a common requirement and should be available OTB)
- Customisation of the Portal interface (limited customisation available)
- Support for SQL cluster using always on availability groups (support for database mirroring)
- Improvement to portal deployment on SharePoint Foundation.
For how long have I used the solution?
What was my experience with deployment of the solution?
What do I think about the stability of the solution?
None; however, high-spec servers are required.
What do I think about the scalability of the solution?
None, solution is scalable based on implementation design.
How are customer service and technical support?
Customer Service: 8 out of 10.
Technical Support: 6 out of 10.
Which solution did I use previously and why did I switch?
I have implemented Tivoli Identity Manager, Oracle Identity Manager and NETIQ Identity Manager. By far FIM has been the easiest to deploy and support. It has fewer components to manage and because it is deployed on Windows Servers, it uses the capabilities provided by the Windows platform for reporting, event management and service management.
How was the initial setup?
Initial setup is very simple and is based on design. The solution components have their own requirements; however, these are easy to manage in most cases. Deploying the solution is a matter of deploying the executable and installing the application components on the servers. Servers can be deployed across multiple or single servers.
Solution is simple to set up in an Active Directory environment as authentication and authorisation is primarily against AD users and groups.
What about the implementation team?
As an IAM consultant with FIM, most of the deployments have been through vendors. I would rate the consulting team very high in this regard.
What's my experience with pricing, setup cost, and licensing?
Costing varies as this is calculated based on server and client access license.
Which other solutions did I evaluate?
Before I recommend FIM where required, I usually evaluate FIM against IBM, Oracle and NETIQ. It's not in all cases that FIM is recommended but this depends on factors such as cost, supportability, integration options and speed of deployment. Integration with cloud services is also an option considered and this is becoming more and more mandatory for most clients I have worked with who are looking for security controls for information asset protection.
What other advice do I have?
Perform lots of research, not only on the technology aspect but also on the business processes, business roles, how the business will support the solution and integration options. Investigate whether the licensing will be sufficient and if the external connector will be suitable for the organisation. Evaluate if all features of the solution need to be deployed in the same phase or if the features can be enabled across multiple phases. Also evaluate whether group management is important to the business as this feature of FIM is one of its highlights.