- Provisioning and life-cycle management
- Portal for identity management administration
- Extensible framework for the development of custom management agents
- Service Oriented Architecture for the integration of portal and clients with FIM service
- Password Synchronization
- Criteria based group management
- Group membership approval
Improvements to My Organization
As an identity and access management consultant, I deploy FIM to clients looking to implement security controls through the automated provisioning user accounts and improve operational efficiencies in managing digital identities. This typically leads to a better security posture and reduced operational costs as well as improvements through self service capabilities.
Room for Improvement
- Customised Reporting functionality
- Management of multi-valued attributes for managed identities (this can be achieved through use of the available extensible components for workflows however this is a common requirement and should be available OTB)
- Customisation of the Portal interface (limited customisation available)
- Support for SQL cluster using always on availability groups (support for database mirroring)
- Improvement to portal deployment on SharePoint Foundation.
Use of Solution
None, however, high spec servers are required.
None, solution is scalable based on implementation design.
Customer Service and Technical Support
8 out of 10. Technical Support
6 out of 10.
I have implemented Tivoli Identity Manager, Oracle Identity Manager and NETIQ Identity Manager. By far FIM has been the easiest to deploy and support. It has fewer components to manage and because it is deployed on Window Servers, it uses the capabilities provided by the Windows platform for reporting, event management and service management.
Initial setup is very simple and is based on design. The solution components have their own requirements however these are easy to manage in most cases. Deploying the solution is a matter of deploying the executable and installing the application components on the servers. Servers can be deployed across multiple or single servers.
Solution is simple to setup in an Active Directory environment as authentication and authorisation is primarily against AD users and groups.
As an IAM consultant with FIM, most of the deployments have been through vendors. I would rate the consulting the team very high in this regard.
Pricing, Setup Cost and Licensing
Costing varies as this is calculated based on server and client access license.
Other Solutions Considered
Before I recommend FIM where required, I usually evaluate FIM against IBM, Oracle and NETIQ. It's not in all cases that FIM is recommended but this depends on factors such as cost, supportability, integration options and speed of deployment. Integration with cloud services is also an option considered and this is becoming more and more mandatory for most clients I have worked with who are looking for security controls for information asset protection.
Perform lots of research, not only on the technology aspect but also on the business processes, business roles, how the business will support the solution and integration options. Investigate whether the licensing will be sufficient and if the external connector will be suitable for the organisation. Evaluate if all features of the solution need to be deployed in the same phase or if the features can be enabled across multiple phases. Also evaluate whether group management is important to the business as this feature of FIM is one of its highlights.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 27 2015