Microsoft Identity Manager

Microsoft Identity Manager (MIM), formerly Forefront Identity Manager (FIM), is Microsoft’s hybrid identity management platform that can connect all of your on-premises and cloud identities. MIM can manage the complete user lifecycle, including provisioning, deprovisioning, and access management to Microsoft and non-Microsoft systems, through workflows that model your business requirements. With MIM’s self-service capabilities, your end users can reset their passwords, manage group memberships, and participate in approval workflows without incurring an expensive helpdesk call. Finally, MIM enables highly privileged credentials to be protected through MIM’s Privileged Access Management (PAM) capabilities.

RTG’s Microsoft Identity Manager and Forefront Identity Manager Consulting Services often include:

  • Identity assessments
  • IAM Roadmap and planning
  • Requirements and design development
  • Implementation
  • Forefront Identity Manager upgrades

MIM Engagement Methodology

We begin MIM engagements by focusing on the business processes and requirements that the technology will enable. This process begins by looking at the current state of affairs for Identity and Access Management (IAM). Existing processes for workflows such as user provisioning, deprovisioning, and access management are documented and modeled visually to enable stakeholders to understand the current state and formulate inputs for a “future state” design. Next, we work with the business to understand compliance drivers that may require specific workflows or process changes to meet regulatory needs and provide evidence.

Once consensus is reached on the current state environment, work begins on developing a future state design that transforms the current state processes to efficiently automate workflows and meet compliance requirements. The design is segmented into use cases that are then prioritized by stakeholders to drive quick wins during the implementation phase.

Our approach to implementation of MIM is unique in that we follow an agile development methodology. This methodology is grounded in DevOps principles that enable an ongoing cadence of “quick wins” to be shown to the business over the course of a longer project. Rather than waiting a long period of time to begin deploying the initial implementation of MIM, frequent smaller deployments enable the team to rapidly demonstrate progress, ensure quality through frequent testing, and respond to evolving priorities.

Contact RTG today to learn more about how we can help with your Identity and Access Management needs.

Privileged Access Management

Many of the cyber-attacks that are making today’s headlines involve the compromise of a privileged credential. These credentials often have access to a multitude of sensitive systems on the corporate network. Through the use of a privileged access management (PAM) solution, privileged credentials can be controlled so that they only have elevated access to systems at the time that an administrator requires the credential.

With Microsoft Identity Manager 2016 (MIM), privileged Active Directory accounts can be managed from an easy-to-use self-service portal. When an administrator requires their privileged account to complete work, they can activate that account in MIM’s web-based portal. After a definable period of time, the privileged account automatically loses all of its access until the administrator requests access again.

Contact RTG today to learn more about privileged access management in your organization.

MIM 2016 is the latest evolution in Microsoft’s identity management platform. MIM builds upon the success of Forefront Identity Manager to deliver new functionality that addresses the evolving security needs of today’s organizations. MIM’s new capabilities lie in four key areas:

Enhancements to the self-service password reset (SSPR) experience enable end users to perform self-service account unlock. End users’ identities can now be verified through Azure Multi-Factor Authentication (MFA).
MIM can manage the lifecycle of privileged accounts and ensure that credentials only possess elevated access at the time they are necessary. Through this process, administrators can request elevated “just-in-time” access when they need it and ensure that access only remains in place for the minimum amount of time necessary.
All of the identity management and security events that occur inside of MIM are readily available for consumption by SIEM systems. Organizations with Azure Active Directory Premium (AAD-P) and the Enterprise Mobility Suite (EMS) can also take advantage of integrated hybrid security reporting whereby MIM data can be reported on via AAD-P.

The certificate management experience in MIM has evolved to support a modern application that works on touch devices. Through this application, end users can enroll for smart cards and virtual smart cards from the Windows home screen. Administrators can also programmatically manage certificates via a new set of REST APIs.

Contact RTG today to learn more about our Microsoft Identity Manager consulting services.