Mastering Identity and Access Management with Microsoft Azure

Microsoft Identity Manager (MIM) 2016

MIM 2016 is Microsoft's primary identity and access management product, and it provides all the different server roles and components needed in this field of technology. MIM 2016 is mainly used to provide a sanitized and central identity in on-premises environments. In the context of a hybrid architecture, it plays a crucial role in connecting any repository so that identities can be managed across different repositories. Furthermore, this component supports complex identity-management scenarios. This also includes the management of Azure AD and many SaaS applications in today's market, as you can see in the following diagram:

Identity Manager functionality and objects

The following section gives you a short overview of the key components of MIM 2016 to help a solution architect or engineer identify possible interactions or elements that need to be included in a design blueprint for a suitable solution. We also use some of these components in the implementation guides provided in this book, such as in Chapter 8, Using the Azure AD App Proxy and the Web Application Proxy, where we implement the Azure AD business-to-business (B2B) scenarios.

The following main feature sets are provided by MIM 2016:

  • Identity synchronization including provisioning/deprovisioning
  • Access request and Access Policy Management
  • Delegation of administration
  • Self-service password reset and account unlock
  • Self-service group management
  • Role management (RBAC, ABAC, SoD)
  • Manually managed groups
  • Manager-based groups
  • Criteria-based groups (attribute-based access controls)
  • Time-limited group memberships
  • Certificate management
  • Reporting and compliance and Access Certification

If you want to use MIM 2016 as your central identity-management system, we highly recommend you take a look at the Workflow Activity Library (WAL) at http://microsoft.github.io/MIMWAL/. Also, the combination of the newly integrated privileged access-management solution in Windows Server 2016 and MIM 2016 provides a very effective way to manage and limit security issues with administrative accounts.