Microsoft Identity Manager Reviews

We are currently using a hybrid identity access management solution. We've got an on-premise ADFS that is running a Server 2016 ADFS farm. That is coupled to a Microsoft Identity Management Server 2016, which is then coupled to Azure Active Directory as the cloud-based identity and access management solution.

We're a partner and a reseller. We're a Microsoft Gold Partner and Cloud Platform, and we have achieved the Microsoft competency at the highest level due to our commitment to delivering successful solutions in both on-premises and cloud-based environments. So we are a Microsoft delivery partner and a Tier 2 reseller. In other words, we're reselling Microsoft licenses. 

We're also a deployment partner for Microsoft services, meaning that we can deploy services and migrate customers and design solutions and be involved in adoption and innovation programs on behalf of Microsoft. So we're a big partner in Microsoft solutions.

The feature that I find most valuable is the security layer of the identity and access management solution. The ability to secure on-premise and cloud-based workloads and to provide seamless authentication into hybrid workloads. In addition to cloud-based authentication, we've also got advanced adaptive authentication with a privileged identity management feature for protecting identities.

In terms of the identity and access management solution for an on-premise environment, I think Microsoft needs to eliminate or minimize the number of workloads for the solution to run in an on-premise environment.

For example, you need more instances, more servers on-premise for the whole solution to completely function. You need ADFS servers, farms application proxies, a MIM server, SQL databases, and Cluster databases, which leads to more costs in running and maintaining the solution.

I think Microsoft should minimize the number of instances in terms of hardware and software.

In the next edition, I prefer that Microsoft would start looking at giving the solution the ability to integrate on-premise workloads, specifically Linux on-premise workloads, with the cloud-based identity and access management solution, which is Microsoft Azure Active Directory. Currently, the provided Microsoft identity and access management solution does not have the capability to integrate with a Linux or Unix environment and the cloud-based Azure Active Directory.

I'm satisfied with the stability. It is quite stable these days because Microsoft updates all of its identity management solution technologies monthly. In terms of stability, I'm quite impressed.

I'm not quite impressed with the scalability of the solution, because you need more workloads in terms of scalability. For small businesses, I wouldn't recommend the Microsoft identity and management solution for on-premises environments for SMBs, because they won't see any return on investment since they will still need to invest in hardware, which is quite costly, and also in software. Maintaining the solution in general also requires more workload and instances to operate, so I wouldn't recommend on-premises environment for small businesses.

That is why most of my customers are enterprise customers. They will be best with a complex environment. Specifically, they will have hybrid environments that are running the on-premises MIM, Microsoft Identity Management.

For cloud-based identity and access management solution for Microsoft, specifically the Microsoft Azure Active Directory, it's an excellent solution for small businesses. It's excellent and it's easy to scale because you don't need to be an enterprise business to protect your applications with Azure Active Directory. It's quite good for cloud-based environments.

They provide excellent support. Now when you log a call with them they engage with you until they resolve the solution. They give you a dedicated engineer, a PSE specifically, to come and correct any issues.

To be honest, the on-premise configuration is complex. You need to know what you are doing to successfully deploy the solution. You need components such as an SSL certificate. Also, you can't use a self-signed certificate. You need a certificate with a publicly known CA, such as GoDaddy or DigiCert. Additionally, you need to configure your application proxies, all your ADFS and MIM servers, and also the database servers correctly. It's quite complex, you need to know what you're doing in terms of getting the solution up to speed.

My advice to someone implementing this solution would be to implement the on-premise identity and access management solution if they've got more than 1,000 identities on-premise. I strongly recommend implementing an on-premise environment in that case, or if they are a financial institution, such as a bank or underwriting institution. They also should implement the hybrid deployment, which means there would be an integration of the identity management solution sitting on-premises and a combination of the Azure Active Directory as an identity and access management in the cloud-based environment.

For small businesses, I would recommend that they implement the cloud-based identity and access management solution, leveraging the provided Azure Active Directory by Microsoft.

I'd give Microsoft Identity Manager a rating of nine out of ten. I'm giving it a nine because I'm looking at the hybrid scenario and more strongly on the cloud-based identity and access management solution for Microsoft. It has a lot of features; it has all the bells and whistles of identity and access management, such as adaptive MFA, intelligent graph security API, and being powered by Microsoft Graph API. Also, the multi-factor authentication is easy to set up, with a single button. For Windows environments, you just install one application API, called AD Connect, to sync all the on-premises identity to the Microsoft Azure Active Directory.

The reason why I'm not giving it a ten is that they still need to upgrade their solution to enable a new feature to accommodate Linux and Unix identity directory specifically to integrate with Microsoft Azure Active Directory. It seems as if the company does not want to provide that capability because now they are focusing on growing their own Microsoft Azure cloud, which means they are forcing all those customers that are running the Linux or Unix environment to come and migrate or lift and shift all their Linux or Unix workloads into Microsoft Azure. I think they are focusing on growing their own environment, which is why they are not providing this capability.

MIM allows for easier provisioning of Outlook mailboxes.

MIM's most valuable feature is its connectivity with Exchange.

MIM's reliability could be improved.

I've been using this solution for ten years.

MIM's stability is excellent.

MIM's scalability is excellent.

Microsoft's technical support is excellent.

Positive

We used SailPoint previously, but MIM is cheaper and easier to administer.

The initial setup was complex - I would rate the setup experience as two out of five.

We deployed using an in-house team, which took six months.

MIM gives a high return on investment.

MIM is free with a Microsoft Azure license.

We evaluated SailPoint and NetIQ.

I would give MIM a rating of ten out of ten.

We use the product for identity management. It stores organizational data, including contracts we generate using Active Directory.

The product’s most valuable feature is stability.

Microsoft Identity Manager could be more intuitive in terms of interface. Also, the product’s life cycle is very short. It is going to expire soon. It becomes tough to manage projects in this case.

We have been using Microsoft Identity Manager since 2016.

It is a stable product.

It is a scalable product.

The technical support services are average. They should improve the response time.

Neutral

The initial setup is complicated. It doesn’t have a modern GUI, making the process difficult. It takes one and a half years to complete. It requires one executive for maintenance.

I rate Microsoft Identity Manager a six out of ten.

Its interface and the fact that it's integrated with everything in the Microsoft ecosystem are the most valuable features. It integrates well with the operating systems, other apps, and servers, and it's easy to see exactly who's accessing what and so on.

The prices can always be improved, and the integration with the software from other vendors could use an improvement, especially if you are using something like Oracle for a database, SAP for ERP, or something like that.

Internally, we have been using this solution for about four years. We are using its latest version.

I'd rate Microsoft Identity Manager a 9 out of 10 in terms of stability.

I'd rate Microsoft Identity Manager a 10 out of 10 in terms of scalability. We have around 500 users.

I'd rate their support a 9 out of 10.

Positive

We've been using the previous versions of Microsoft Identity Manager before this. It was on-premises. So, we've had it implemented for some time, and then we upgraded it to the next version. Overall, we've had it for about 10 years.

I didn't participate in its implementation.

We noticed some ROI because the people in our IT department have a lot more time to do other things instead of constantly watching the infrastructure. If something is wrong, they get a notification, and they don't have to stay up 24/7 with their eyes on what's going on with the infrastructure. There is about 15% ROI.

The prices can always be improved. I'd rate it a 4 out of 10 in terms of pricing.

I'd recommend doing a proof of concept and watching out for the prerequisites and what it needs to function properly so that you don't start an implementation and find out that you need something else, such as SQL Server for a database or an analytics space. Read the requirements carefully and start with a proof of concept to see exactly how the people from the IT department are working with this solution and whether it would help them. That's because if they are not comfortable with the solution, they will use more time to understand it than to monitor the infrastructure.

Overall, I'd rate Microsoft Identity Manager an 8 out of 10.

There have been only two, maybe three projects related to this product. The challenge with obtaining information about these projects is that we focused mainly on designing the solution. 

The customers did not want continuous involvement in the operations because they couldn't see immediate results. So, we started with initial contact and face-to-face interviews to understand the organization's structure. Then, we began integrating the solution, including the site-based aspects and the schema for the metadata directory, which is essential for working with other components. 

However, the time spent designing and integrating the identity solution is a challenge. The deployment process is not quick. In the best-case scenario, it may take around six months before you see some tangible results at the beginning of the implementation of the identity solution.

The concept is primarily for the people in the business. In business, you can discuss how integrating all the services and resources within the company can bring numerous benefits. It involves having an integrated persona in the organization, not just in technology but throughout the company, including resources, printing, Salesforce, and office.

The problem lies in how to convey these ideas within each department. For example, the technology department might say, "No, this is an accounting problem because it's related to the accounting system." And the same goes for other departments like human resources. These are the kind of challenges we face when trying to integrate all the components within the company. We need to communicate with individuals about the benefits of identity, which are clear to project managers. We have executive support internally, but the challenge lies with the employees who don't see the benefits because they might be long-term or not immediately apparent.

I always appreciate products that provide technical information. It would be helpful to understand what's happening behind the scenes, such as log information. It doesn't need to be extensive, but it should show the process and provide insights. For example, in any Identity Manager software, having a console that displays the ongoing process helps identify any issues. Once you stop the process, you can refer to the problem and determine which system it's related to. This is very useful.

In the case of Microsoft Identity Manager, it would be beneficial to have a similar process where each stage of the process is clearly documented. For example, if there's a problem with communication between the identity manager and the human resource services when requesting a new account or adding a profile, having visibility into the systems involved helps identify the root cause. It could be a problem with the sales system, even if the product itself is not the Active Directory server solution. Understanding the connection and how to resolve the issue is crucial.

It takes a considerable amount of time to reach the right person and truly understand the problem. Especially in different regions, the problem may appear different but actually be related to another underlying issue. Support personnel with experience can identify such cases and provide effective solutions, but it can be time-consuming to reach these individuals, sometimes taking two or three hours on the phone. This can be challenging when the issue is affecting production. Reaching out to the support can be complex. For example, when dealing with Active Directory, there are ways to gather information and create reports, but they may not always be effective in certain scenarios. You often need to gather information from different sources, compile it into a document, and explain the problem, its identification, the solution, and so on. It's an ongoing process with multiple steps.

The setup was difficult. The deployment process is not quick. This is the case not just with identity solutions from Microsoft but also in general. There haven't been many implementations or opportunities for identity solutions in Mexico. The projects haven't been successful as they want to see quick resolution and benefits from the solution. Implementing identity solutions involves understanding the organization, integrating various systems, validating security components, and addressing other challenges.  People often feel frustrated because it takes a significant amount of time during the planning phase. There are no significant issues. The main problem with Microsoft Identity Manager is related to identity requests or similar matters.

Moreover, maintenance depends on how the project is initiated because I don't provide extensive support after the implementation. But initially, around five individuals are involved in a company with items, persons, and employees. In the beginning, there were only five products published in the shopping cart, and users can request services or access to systems such as accounting or similar programs. I don't recall the other programs, but there were only five initially. The problem arises when it comes to budget constraints. We publish five products internally and integrate with three systems—human resources, accounting, and IP directory— but there are more systems in existence. We try to create and extend the solution, but the customer needs to assign dedicated personnel to ensure the continuity and smooth operation of the solution. This becomes problematic because they usually reach out to us when they encounter issues like communication problems or misconfigurations. Maintenance or system upgrades are not the primary reasons for their calls.

I have experience with Microsoft Identity Manager as well as the Identity Manager from Quest Software, which was previously owned by VMware.

Overall, I would rate the solution an eight out of ten. However, my experience is based on the planning stage because we haven't had the opportunity to implement it.

I have an ongoing project with my clients that encompasses research.

Hypbrid cloud is the major case, also some on Mobile Application developing.

Customer point of view, MIM work as / or together with SSO to extend the authentication, empowers orgnization agility by adopting new apps faster 

Identity 
Security 
Access Managment is the three I can think of. why? they transpass the hybrid barrier, and it's from Microsoft, fits in M365 applicaiton well

The product could be more friendly for non-native English speakers. It would also be better if it were more intuitive and visually attractive.

Microsoft Identity Manager was designed for the on-premise environment. If you want to implement a cloud-based application, so you will run into some problems, including the transport of the token from the applicant, the application side, the mobile application side through the firewall, and the transfer to the backend for authentication. That part is not quite convenient. It is very slow.

I have been using this solution for a few years. 

It is a stable product. You will experience some issues with it, but it's a good product. Identity is a complex thing, multifactor authentication is yet another, what add on this complexity is the wild Internet, if you focus enough，MIM or AAD will be you best choice. 

Microsoft Identity Manager is a scalable product. It allows for multiple users that can work together.

We work with Microsoft Active Directory, Azure Active Directory, and Microsoft Services as an identity and access management system. This solution provides privileged identity management single sign-on, so we're focusing on that.

This is an all-encompassing product. The features that we find most valuable are security, mobility, and Single Sign-On.

They have to improve the User Entity and Behavioral Analysis. They have all of these features, scattered around in different components. For example, if a user logs into a computer, from that point the behavior is not completely monitored. Windows Defender is monitoring the action, but if you go into the website, the solution is not capable of understanding it. Therefore, in the case of a user browsing a malicious website, there is no way to identify it.

There should be a way to create a profile for each and every employee. For example, if an employee is searching websites for a job then the organization should be able to identify that and recognize that he's going to leave the company soon. Or, if the user is trying to access a confidential document then that identity should be tagged as a malicious user. You should be able to create metrics or risk levels for a particular user.

Generally, the security features need to be improved so that they do not have to rely on other solutions. Importantly, browser behavior should be integrated. Properties such as what department an employee is in, and what resources they access, as well as the relevant correlations, should all be determined and stored.

This is a stable product that is continuously improving.

It is scalable to any extent, so it is not an issue for this solution.

There are approximately three hundred users, which are employees. Six of them are administrators, and perhaps another ten of them are privileged users who have access to various components of the system.

I would rate the technical support a seven out of ten.

There are different service levels. For example, an enterprise customer will probably have a special service level agreement, but for SMBs, the level is different. So in that, not all customers are treated equally.

The initial setup is simple because a lot of the configuration comes from the on-premises Active Directory. It connects to various other components. If your device has to be enrolled then it is a bit complex, and you need expertise on that.

Our implementation was handled by a Microsoft partner.

I strongly recommend this solution. It encompasses the cloud, on-premises applications, mobility, and on-premises users. The modern enterprise encrypted license is one of the best solutions to go for because of the mobility and security for the workforce, as well as for the company.

I would rate this solution an eight out of ten.

I use Microsoft Identity Manager to help users with different groups, closing different applications, access provision, and for de-provisioning access for different applications.

I deploy the products for my different customers as an offer for my organization. We will deploy this product with 95% of the customers that I'm working with professionally.

With Microsoft Identity Manager, most of the time the organizations actually agree that it is a primary benefit to use them. Since Identity Manager is from Microsoft, there is the assurance that it integrates alphabetically. It also works well with the server. 

Microsoft integration products are strong. That is what I like about the product.

If we compare this Microsoft Identity Manager with Okta or OneLogin, both provide multiple connectors and box connectors. Whereas with Microsoft Identity Manager, there are limits.

Instead of using the connectors from the third-party companies, they should make the Microsoft templates available with this product. If Microsoft would increase the number of the box connectors that would be helpful to all the customers who use it daily. 

Microsoft Identity Manager is good for using in production and increasing recruitment.

One to three years.

The stability of the solution is very good. 

Scalability-wise, Microsoft Identity Manager is good. It is not meant for consumers. It's meant for enterprise identity management, it is not meant for consumer identity management. 

I have implemented for 35,000 users, 40,000 users, and 16,000 users, plus another 5,000 user base. The product can scale in terms of how many users it can hold. It is a combination of multiple admin users, employees, and contractors. Even administrators are also part of Microsoft Identity Manager, but it is a very minimal number.

For deployment, one architect and two implementation consultants would be good and enough to deploy the solution in high-availability after recovery.

With all the high-availability and data recovery concerns, three people would have to be required to deploy. Whereas for the support, it just depends on the user base. If it is a minimal user base we can offer any company shares per user, but if the user base is large, then a dedicated support model is required. 

I had experience dealing with Microsoft customer support when I was working for Behold. The technical support is a little slow. They are a little slow in responding and they take their own time when offering the service. 

I'm happy but I'm not delighted with their support. 

I have deployed Microsoft for multiple customers but I haven't done the migration from One Identity Manager product to MIM. I have deployed various products. 

I haven't migrated from any other identity manager to Microsoft Identity Manager.

If we compare Microsoft Identity Manager to a cloud-based identity management solution, the initial setup is complex. 

If you compare Microsoft Identity Manager with Okta or OneLogin and the direct cloud solutions, these are all fast solutions awaiting only minimal configuration. The number of companies for which we uniquely install Microsoft Identity Manager is a little more than what we allocate fact-based IDM solutions for overall. 

Deployment depends on if the customer requires high availability and disaster recovery strategy, or the number of applications that we need to integrate.

The time that it takes to deploy the solution, integrate applications, and configure the dynamic overflow typically takes around three months. 

The deployment requires a minimum of three months and sometimes it can go up to six months. 

I work for companies who provide the services as an integrator. I work as a systems integrator.

Microsoft Identity Manager comes with the premium or community license. If the customer doesn't have a premium license, the reseller who sells the licenses of Microsoft to the enterprise can extend the license for the client.

Generally, I don't have exposure towards the final figures, but I believe Microsoft is very well in line with other products in terms of pricing.

I was evaluating OneLogin and since I don't have experience with other software, I had to recommend Microsoft Identity Manager on the basis of customer requirements.

The out of the box connectors need to be increased. We can integrate with multiple applications to connect together through using Microsoft Identity Manager.

I would grade Microsoft Identity Manager at 7 or 8 out of 10. I wouldn't give it a ten because of the lack of out of box connectors. I don't see any other drawback in the product.