Transforming Education IAM: From MIM to Identity Panel Suite

Background

A prominent education provider, encompassing 30+ schools, over 3,500 teachers, and more than 45,000 students, initially sought our assistance to provide ad-hoc support for their Microsoft Identity Manager (MIM) implementation. Impressed by our expertise and proactive support, they asked us to implement a new identity management solution to replace MIM.

The brief

The organization’s MIM solution, deployed several years ago, functioned but lacked a MIM test environment. Changes had been made in the live environment, without proper testing, making it increasingly challenging to maintain. Following the departure of their MIM specialist several years ago, the organization lacked the internal skills and confidence to manage anything beyond basic updates. Consequently, changes in business rules and requirements were not reflected in the system, leading to an outdated IAM implementation.

Recognizing the need for a robust and easy-to-maintain replacement, Oxford Computer Group was asked to help them evaluate two options: Microsoft Entra and SoftwareIDM’s Identity Panel Suite. With their complex requirements and environment, they needed a highly customizable synchronization engine and user portal solution, capable of complex role- and attribute-based access control. Hence, they selected SoftwareIDM’s Identity Panel Suite. They particularly liked its extensible user portal and the ease of ongoing maintenance – as it is cloud-based, software patches are deployed automatically, eliminating the need for time-consuming and error-prone MIM hotfixes and SharePoint updates.

They also emphasized the need for self-sufficiency post-deployment, a key consideration throughout the project.

The solution – planning

Initially, we conducted a comprehensive discovery exercise to:

  • Analyse and review the existing MIM solution
  • Document current and future IAM requirements through workshops
  • Recommend process improvements and quick wins

We thoroughly examined the existing MIM implementation, including the synchronization engine configuration, code base, portal configuration, and supporting scripts. We mapped the current processes both within MIM and outside of it, identifying challenges like the incomplete migration from code-based to portal-based rules, which required our extensive experience and knowledge of both to untangle.

We recommended a staged implementation to reduce the risk, enable the organization to realize the benefits sooner, and develop the staff’s product knowledge. We also minimized and carefully planned any modifications to the existing live MIM environment.

The solution – deployment

With a comprehensive plan in place, we executed a series of phased deployments, each with development, test, remediation, and go-live phases, to transition functionality from MIM to Identity Panel Suite:

  1. Environment setup: We built new development/test and production environments, making use of Identity Panel Suite’s built-in tools to migrate configuration between the environments efficiently and accurately
  2. Core product deployment: We connected the data sources, imported data, and configured the business logic. We then ran the rules without permitting external system changes, to ensure smooth integration and reliable reporting
  3. Criteria-based group management: We implemented complex rule sets for controlling group membership
  4. Service Desk portal: We customized the service desk portal to provide a simplified way to perform various tasks such as account name overrides, password resets, and emergency disable
  5. Phased go-lives: Go-live for new guest accounts (JML), followed by a go-live for existing guest accounts. Subsequent go-lives for staff, teachers, and students

The result

Our methodical approach ensured a seamless transition to an IAM solution that is robust, efficient, effective, and easy to maintain. The user-friendly portal enables select staff to perform a tailored set of IT service tasks, reducing the burden on the service desk and IT teams. Key highlights include:

  • Vastly quicker sync times – a full sync that took hours in MIM is now measured in minutes with Identity Panel Suite
  • No code required – advanced rules and custom functionality configured in the interface
  • A unified view of identities, now and in the past – the suite’s ‘Time Traveler’ function depicts the current state of an identity and also shows changes over time
  • Comprehensive reporting
  • ‘As-Built’ documentation – Identity Panel Suite automatically updates the documentation as changes are made

Throughout the deployment, regular show-and-tell and knowledge-transfer sessions were conducted. The organization’s IT staff are now well-versed in the product, self-sufficient, and capable of both supporting it and making future changes.

Organization’s next steps

Empowered with their newfound knowledge, their IT staff are now planning to replace their home-grown guest portal with Service Panel and extend it to include guest students (for example, providing a limited, short-lived account so they can take entrance exams).

This article is part of a series on MIM migration.