Cloud-first IAM: How SoftwareIDM’s Identity Panel Suite enhances Microsoft Entra
Oxford Computer Group’s James Cowling’s blog “Microsoft Entra cloud-first IAM: Options for transitioning from on-premises MIM to Microsoft Entra focused solutions in 2024”, along with his subsequent webinar, has – deservedly – garnered a lot of interest and a lot of praise.
He refers to the need for a 3rd party Identity as a Service (IDaaS) platform but stops short of naming any specifics. In this blog, I am going to talk about how one such 3rd party product – SoftwareIDM’s Identity Panel Suite – can satisfy this need.
He goes on to say that such a platform must be properly cloud-based, maximize the use of Microsoft Entra ID’s native capabilities, but also enhance them with additional functionality such as custom UI/UX, hierarchical role and permission inheritance, workflow preview and rollback, management of fine-grained access, and detailed reporting of roles and permissions. Let’s look at how SoftwareIDM’s Identity Panel Suite measures up to these requirements and more.
James identifies 5 scenarios in his blog (I won’t expand much on these here as they are fully covered in the blog, which you should check out). Remembering that our aim here is a MIM replacement that is cloud-first and strongly based on Microsoft Entra ID, I see the opportunities as follows:
# | Scenario | Why SoftwareIDM’s Identity Panel Suite may be of interest |
---|---|---|
1 | Complete migration to Microsoft Entra ID | Your intended support for legacy, on-premises systems and applications requires the bi-directional flow of data, or handling of objects and attributes that goes beyond user and group membership |
2 | Cloud-first hybrid | You wish to avoid bespoke development and/or you have a large number of users, and wish to minimize per-user cost |
3 | Identity-as-a-Service (IDaaS) hybrid | As identified in the blog, a 3rd party IDaaS platform is an absolute requirement in this scenario – I expand on this below |
4 | Private cloud only | There is probably no other platform that can simply replace MIM – it can import your MIM configuration into its HyperSync Panel application (with a few caveats) |
5 | Maintain status quo – plan for the future | Not relevant here |
Across all of these, I should say at the outset that SoftwareIDM’s Identity Panel Suite will not (usually) put too much strain on your budget. Per-user costs are comparable with industry norms, and they cap out at 10,000 users – a huge advantage for organizations of size.
As I say, I will now focus on the 3rd of these scenarios, starting with James’ solution diagram:
SoftwareIDM’s Identity Panel Suite slots in at the top of this diagram (IDaaS solution). Here are a few of its characteristics:
- A cloud-first platform, which is tightly integrated with Microsoft Entra ID
- An entirely flexible connector architecture (in Identity Panel parlance, this is the “provider” architecture): bi-directional, practically no limitations on managed objects and attributes, and both on-premises and cloud support
- A vendor-agnostic governance application (Access Panel) able to manage any type of permission assignment (e.g. membership, attribute, role), offering an enormous number of options for access reviews (across any connected systems), support for memberships managed by Microsoft Entra, complex segregation of duties (SoD) requirements with risk quotients, and on-premises privileged access management
- A flexible UI that supports user self-service for white pages, update of personal data, and access requests with complex approval policies and integration with service desk applications
- Security controlled at the attribute level according to the signed-in user and audience
- A sophisticated report engine; because it also maintains a continuous history of changes, all reports can be for a point in time
- Performance (which has sometimes been a challenge for MIM) that is off the scale
OK, this is starting to sound like an advert! It is not the only option, but it is one I spend a lot of time working with, and I really like it.
There is so much more that could be said, so if you want to investigate moving from MIM to a cloud-first solution focussed on Microsoft Entra, request a MIM Design Workshop. Through a series of meetings and discussions, we evaluate your current implementation and cloud-first objectives, providing a tailored design specification report for your best migration path from MIM.