Microsoft Identity Manager Reviews

There have been only two, maybe three projects related to this product. The challenge with obtaining information about these projects is that we focused mainly on designing the solution. 

The customers did not want continuous involvement in the operations because they couldn't see immediate results. So, we started with initial contact and face-to-face interviews to understand the organization's structure. Then, we began integrating the solution, including the site-based aspects and the schema for the metadata directory, which is essential for working with other components. 

However, the time spent designing and integrating the identity solution is a challenge. The deployment process is not quick. In the best-case scenario, it may take around six months before you see some tangible results at the beginning of the implementation of the identity solution.

The concept is primarily for the people in the business. In business, you can discuss how integrating all the services and resources within the company can bring numerous benefits. It involves having an integrated persona in the organization, not just in technology but throughout the company, including resources, printing, Salesforce, and office.

The problem lies in how to convey these ideas within each department. For example, the technology department might say, "No, this is an accounting problem because it's related to the accounting system." And the same goes for other departments like human resources. These are the kind of challenges we face when trying to integrate all the components within the company. We need to communicate with individuals about the benefits of identity, which are clear to project managers. We have executive support internally, but the challenge lies with the employees who don't see the benefits because they might be long-term or not immediately apparent.

I always appreciate products that provide technical information. It would be helpful to understand what's happening behind the scenes, such as log information. It doesn't need to be extensive, but it should show the process and provide insights. For example, in any Identity Manager software, having a console that displays the ongoing process helps identify any issues. Once you stop the process, you can refer to the problem and determine which system it's related to. This is very useful.

In the case of Microsoft Identity Manager, it would be beneficial to have a similar process where each stage of the process is clearly documented. For example, if there's a problem with communication between the identity manager and the human resource services when requesting a new account or adding a profile, having visibility into the systems involved helps identify the root cause. It could be a problem with the sales system, even if the product itself is not the Active Directory server solution. Understanding the connection and how to resolve the issue is crucial.

It takes a considerable amount of time to reach the right person and truly understand the problem. Especially in different regions, the problem may appear different but actually be related to another underlying issue. Support personnel with experience can identify such cases and provide effective solutions, but it can be time-consuming to reach these individuals, sometimes taking two or three hours on the phone. This can be challenging when the issue is affecting production. Reaching out to the support can be complex. For example, when dealing with Active Directory, there are ways to gather information and create reports, but they may not always be effective in certain scenarios. You often need to gather information from different sources, compile it into a document, and explain the problem, its identification, the solution, and so on. It's an ongoing process with multiple steps.

The setup was difficult. The deployment process is not quick. This is the case not just with identity solutions from Microsoft but also in general. There haven't been many implementations or opportunities for identity solutions in Mexico. The projects haven't been successful as they want to see quick resolution and benefits from the solution. Implementing identity solutions involves understanding the organization, integrating various systems, validating security components, and addressing other challenges.  People often feel frustrated because it takes a significant amount of time during the planning phase. There are no significant issues. The main problem with Microsoft Identity Manager is related to identity requests or similar matters.

Moreover, maintenance depends on how the project is initiated because I don't provide extensive support after the implementation. But initially, around five individuals are involved in a company with items, persons, and employees. In the beginning, there were only five products published in the shopping cart, and users can request services or access to systems such as accounting or similar programs. I don't recall the other programs, but there were only five initially. The problem arises when it comes to budget constraints. We publish five products internally and integrate with three systems—human resources, accounting, and IP directory— but there are more systems in existence. We try to create and extend the solution, but the customer needs to assign dedicated personnel to ensure the continuity and smooth operation of the solution. This becomes problematic because they usually reach out to us when they encounter issues like communication problems or misconfigurations. Maintenance or system upgrades are not the primary reasons for their calls.

I have experience with Microsoft Identity Manager as well as the Identity Manager from Quest Software, which was previously owned by VMware.

Overall, I would rate the solution an eight out of ten. However, my experience is based on the planning stage because we haven't had the opportunity to implement it.

We are currently using this solution, and we are also a partner. We have implemented it in different sectors for different use cases. For example, we have implemented it in the financial sector to synchronize and automate lifecycle management. We have also done deployments to only provide self-service for resetting passwords. We also have many deployments related to lifecycle management in schools and the education sector.

It is one of the easiest products to implement, which is one of the main advantages. The integration is easy. Unlike other products, it is not complicated to integrate.

It requires a lot of improvements. Microsoft is killing this product and migrating some of the features to Azure AD. The last version of this solution was 2016. If it is going to stay and integrate with Azure AD, its integration needs to be worked on in terms of connectors, etc. It doesn't seem that they are improving it alone. Microsoft wants to integrate it with Azure AD, but the integration is still not complete. 

Their support is bad, and it should be improved.

I have been using this solution since 2006, but it had a different name at that time. 

It is stable.

It is not scalable. Once you have more than 100K users, it is not scalable. It can't scale and perform at that level.

Their support is bad. I would rate them one out of five.

Its setup is straightforward.

It is easy to implement and integrate, but I would advise keeping it in the scope of only synchronization and not governance. That's because it lacks governance features.

I would rate it a seven out of 10.

The primary use case is for the single migration of the user from on-premises to Azure Active Directory in the cloud. It is also used for the Microsoft authentication application for mobile devices.

We authenticate on the smart device back to back so they can access their emails and other applications.

We are planning to use this for the Windows 10 authentication as well as directly from the Azure Active Directory.

The most valuable and most interesting feature is the conditional access. 

It can provide a low formulation combination based on the extra files that we can work on to verify the solution.

The information that is available for the Active Directory portal is segregated here and there. It's not in one single location where you can see, for example, all of the security features and maybe the customization feature.

In the next release of this solution, I would like to see the manageability, the web-based access to the portal, and the reconfiguration of things to be made simpler and more straightforward.

We have been selling this solution for the last five years.

It's stable, but it's maybe a bit more challenging than I have seen in the last five years.

This solution is scalable. We have plans to increase our usage in the future.

The number of users varies. There can be anywhere from 10,000 to maybe more than 100,000 users, who are made up of IT, administrators, managers, and architects.

We have been in touch with technical support. They are good. Normally they are available to assist and they are knowledgable.

Our previous system was based on an on-premises solution. Now, the on-premises products are integrated with the cloud, which is what made the difference.

The initial setup is straightforward and can be deployed in one week.

It was installed by my internal team.

I would say that it's the best solution on the market and I would go ahead with it.

I would rate this solution a nine out of ten.

The most valuable feature of the solution is the fact that I can use it to track who is sending which email, who is accessing which documents or which files, etc. These tools help me improve security within the enterprise environment.

Support needs improvement. It is very easy to get somebody to help with the implementation of the Microsoft product itself, but when it comes to support it's a challenge as an IT team. You have to tell people, "Well we need to get back to Microsoft" and that can take forever.

Sometimes the waiting process really gets you stuck. If you have deployed a feature in your environment and you're using it and you cannot get the necessary support to be able to get back aspects of it, then it's as if Microsoft has whet our appetite, but then we can't use it any more. It's frustrating for everyone.

I want to be able to have access to somebody from Microsoft to be able to help me when I have challenges.

We have a lot of end users and a few admins. Right now, we have about 180 users on the solution.

On a scale of one to ten, I'd put technical support at seven. There's a lot of room for improvement. What really has helped us is the reviews that are put out by other admins who have been able to resolve the same problems. You can find an identical problem and see its resolution. If you are able to access those reviews, it helps you to navigate and try to solve your problems. That's what helps a lot of the time, as opposed to speaking with an actual person from technical support.

The difficulty of the initial setup is always different. It depends on which application you deploy. Some are complex, some are straightforward. If you're deploying Microsoft XG, it's quite straight forward. If you're deploying something like MGM it's a little more confusing, and you always need somebody to help you to be able to do that. SharePoint is also a little bit confusing to handle. 

Likewise Identity Manager looks a little more confusing in terms of its implementation process. There are other products from Microsoft that are more straightforward to implement or deploy, however.

Over the years Microsoft has improved a lot. We don't have problems like we used to have in previous versions. There's still more room for improvement, however. They have begun listening to their customers, and they are bringing out features that customers are asking for and if I can get that from an OEM it gives me the assurance that everyone is being taken care of.

I would recommend the solution, however if a person is considering implementing it, they need to have a plan. Otherwise, they might start off and only after realize that there are options that weren't implemented well. It's good to always have a plan of what you want to implement something new. Review it and let your team query it, so you know exactly what you are deploying. 

I would rate the solution eight out of ten.

We are currently using a hybrid identity access management solution. We've got an on-premise ADFS that is running a Server 2016 ADFS farm. That is coupled to a Microsoft Identity Management Server 2016, which is then coupled to Azure Active Directory as the cloud-based identity and access management solution.

We're a partner and a reseller. We're a Microsoft Gold Partner and Cloud Platform, and we have achieved the Microsoft competency at the highest level due to our commitment to delivering successful solutions in both on-premises and cloud-based environments. So we are a Microsoft delivery partner and a Tier 2 reseller. In other words, we're reselling Microsoft licenses. 

We're also a deployment partner for Microsoft services, meaning that we can deploy services and migrate customers and design solutions and be involved in adoption and innovation programs on behalf of Microsoft. So we're a big partner in Microsoft solutions.

The feature that I find most valuable is the security layer of the identity and access management solution. The ability to secure on-premise and cloud-based workloads and to provide seamless authentication into hybrid workloads. In addition to cloud-based authentication, we've also got advanced adaptive authentication with a privileged identity management feature for protecting identities.

In terms of the identity and access management solution for an on-premise environment, I think Microsoft needs to eliminate or minimize the number of workloads for the solution to run in an on-premise environment.

For example, you need more instances, more servers on-premise for the whole solution to completely function. You need ADFS servers, farms application proxies, a MIM server, SQL databases, and Cluster databases, which leads to more costs in running and maintaining the solution.

I think Microsoft should minimize the number of instances in terms of hardware and software.

In the next edition, I prefer that Microsoft would start looking at giving the solution the ability to integrate on-premise workloads, specifically Linux on-premise workloads, with the cloud-based identity and access management solution, which is Microsoft Azure Active Directory. Currently, the provided Microsoft identity and access management solution does not have the capability to integrate with a Linux or Unix environment and the cloud-based Azure Active Directory.

I'm satisfied with the stability. It is quite stable these days because Microsoft updates all of its identity management solution technologies monthly. In terms of stability, I'm quite impressed.

I'm not quite impressed with the scalability of the solution, because you need more workloads in terms of scalability. For small businesses, I wouldn't recommend the Microsoft identity and management solution for on-premises environments for SMBs, because they won't see any return on investment since they will still need to invest in hardware, which is quite costly, and also in software. Maintaining the solution in general also requires more workload and instances to operate, so I wouldn't recommend on-premises environment for small businesses.

That is why most of my customers are enterprise customers. They will be best with a complex environment. Specifically, they will have hybrid environments that are running the on-premises MIM, Microsoft Identity Management.

For cloud-based identity and access management solution for Microsoft, specifically the Microsoft Azure Active Directory, it's an excellent solution for small businesses. It's excellent and it's easy to scale because you don't need to be an enterprise business to protect your applications with Azure Active Directory. It's quite good for cloud-based environments.

They provide excellent support. Now when you log a call with them they engage with you until they resolve the solution. They give you a dedicated engineer, a PSE specifically, to come and correct any issues.

To be honest, the on-premise configuration is complex. You need to know what you are doing to successfully deploy the solution. You need components such as an SSL certificate. Also, you can't use a self-signed certificate. You need a certificate with a publicly known CA, such as GoDaddy or DigiCert. Additionally, you need to configure your application proxies, all your ADFS and MIM servers, and also the database servers correctly. It's quite complex, you need to know what you're doing in terms of getting the solution up to speed.

My advice to someone implementing this solution would be to implement the on-premise identity and access management solution if they've got more than 1,000 identities on-premise. I strongly recommend implementing an on-premise environment in that case, or if they are a financial institution, such as a bank or underwriting institution. They also should implement the hybrid deployment, which means there would be an integration of the identity management solution sitting on-premises and a combination of the Azure Active Directory as an identity and access management in the cloud-based environment.

For small businesses, I would recommend that they implement the cloud-based identity and access management solution, leveraging the provided Azure Active Directory by Microsoft.

I'd give Microsoft Identity Manager a rating of nine out of ten. I'm giving it a nine because I'm looking at the hybrid scenario and more strongly on the cloud-based identity and access management solution for Microsoft. It has a lot of features; it has all the bells and whistles of identity and access management, such as adaptive MFA, intelligent graph security API, and being powered by Microsoft Graph API. Also, the multi-factor authentication is easy to set up, with a single button. For Windows environments, you just install one application API, called AD Connect, to sync all the on-premises identity to the Microsoft Azure Active Directory.

The reason why I'm not giving it a ten is that they still need to upgrade their solution to enable a new feature to accommodate Linux and Unix identity directory specifically to integrate with Microsoft Azure Active Directory. It seems as if the company does not want to provide that capability because now they are focusing on growing their own Microsoft Azure cloud, which means they are forcing all those customers that are running the Linux or Unix environment to come and migrate or lift and shift all their Linux or Unix workloads into Microsoft Azure. I think they are focusing on growing their own environment, which is why they are not providing this capability.

Our primary use case for this solution is to secure the identity of our customer. It is required for compliance and for making our systems very secure.

This solution helps in that it adds to our security.

The most valuable feature is that it provides protection for our company documents.

This product integrates with our SharePoint Global Portal.

This product was only launched two or three years ago, and it is still in the process of becoming stable.

We have to make use of the current feature set before looking for new features.

This product was launched two to three years back and it is becoming stable.

The technical support for this solution is ok.

We began using this product because we moved to the cloud. Earlier, we were using on-premise systems and at that time, this kind of security was not needed as much. 

The initial setup was straightforward.

We used a consultant for the deployment of this solution and our experience was ok.

We are not looking specifically for ROI with this product. Rather, it is used for compliance.

I would recommend this product to a colleague at another company.

I would rate this solution a nine out of ten.

We work with Microsoft Active Directory, Azure Active Directory, and Microsoft Services as an identity and access management system. This solution provides privileged identity management single sign-on, so we're focusing on that.

This is an all-encompassing product. The features that we find most valuable are security, mobility, and Single Sign-On.

They have to improve the User Entity and Behavioral Analysis. They have all of these features, scattered around in different components. For example, if a user logs into a computer, from that point the behavior is not completely monitored. Windows Defender is monitoring the action, but if you go into the website, the solution is not capable of understanding it. Therefore, in the case of a user browsing a malicious website, there is no way to identify it.

There should be a way to create a profile for each and every employee. For example, if an employee is searching websites for a job then the organization should be able to identify that and recognize that he's going to leave the company soon. Or, if the user is trying to access a confidential document then that identity should be tagged as a malicious user. You should be able to create metrics or risk levels for a particular user.

Generally, the security features need to be improved so that they do not have to rely on other solutions. Importantly, browser behavior should be integrated. Properties such as what department an employee is in, and what resources they access, as well as the relevant correlations, should all be determined and stored.

This is a stable product that is continuously improving.

It is scalable to any extent, so it is not an issue for this solution.

There are approximately three hundred users, which are employees. Six of them are administrators, and perhaps another ten of them are privileged users who have access to various components of the system.

I would rate the technical support a seven out of ten.

There are different service levels. For example, an enterprise customer will probably have a special service level agreement, but for SMBs, the level is different. So in that, not all customers are treated equally.

The initial setup is simple because a lot of the configuration comes from the on-premises Active Directory. It connects to various other components. If your device has to be enrolled then it is a bit complex, and you need expertise on that.

Our implementation was handled by a Microsoft partner.

I strongly recommend this solution. It encompasses the cloud, on-premises applications, mobility, and on-premises users. The modern enterprise encrypted license is one of the best solutions to go for because of the mobility and security for the workforce, as well as for the company.

I would rate this solution an eight out of ten.

I use Microsoft Identity Manager to help users with different groups, closing different applications, access provision, and for de-provisioning access for different applications.

I deploy the products for my different customers as an offer for my organization. We will deploy this product with 95% of the customers that I'm working with professionally.

With Microsoft Identity Manager, most of the time the organizations actually agree that it is a primary benefit to use them. Since Identity Manager is from Microsoft, there is the assurance that it integrates alphabetically. It also works well with the server. 

Microsoft integration products are strong. That is what I like about the product.

If we compare this Microsoft Identity Manager with Okta or OneLogin, both provide multiple connectors and box connectors. Whereas with Microsoft Identity Manager, there are limits.

Instead of using the connectors from the third-party companies, they should make the Microsoft templates available with this product. If Microsoft would increase the number of the box connectors that would be helpful to all the customers who use it daily. 

Microsoft Identity Manager is good for using in production and increasing recruitment.

One to three years.

The stability of the solution is very good. 

Scalability-wise, Microsoft Identity Manager is good. It is not meant for consumers. It's meant for enterprise identity management, it is not meant for consumer identity management. 

I have implemented for 35,000 users, 40,000 users, and 16,000 users, plus another 5,000 user base. The product can scale in terms of how many users it can hold. It is a combination of multiple admin users, employees, and contractors. Even administrators are also part of Microsoft Identity Manager, but it is a very minimal number.

For deployment, one architect and two implementation consultants would be good and enough to deploy the solution in high-availability after recovery.

With all the high-availability and data recovery concerns, three people would have to be required to deploy. Whereas for the support, it just depends on the user base. If it is a minimal user base we can offer any company shares per user, but if the user base is large, then a dedicated support model is required. 

I had experience dealing with Microsoft customer support when I was working for Behold. The technical support is a little slow. They are a little slow in responding and they take their own time when offering the service. 

I'm happy but I'm not delighted with their support. 

I have deployed Microsoft for multiple customers but I haven't done the migration from One Identity Manager product to MIM. I have deployed various products. 

I haven't migrated from any other identity manager to Microsoft Identity Manager.

If we compare Microsoft Identity Manager to a cloud-based identity management solution, the initial setup is complex. 

If you compare Microsoft Identity Manager with Okta or OneLogin and the direct cloud solutions, these are all fast solutions awaiting only minimal configuration. The number of companies for which we uniquely install Microsoft Identity Manager is a little more than what we allocate fact-based IDM solutions for overall. 

Deployment depends on if the customer requires high availability and disaster recovery strategy, or the number of applications that we need to integrate.

The time that it takes to deploy the solution, integrate applications, and configure the dynamic overflow typically takes around three months. 

The deployment requires a minimum of three months and sometimes it can go up to six months. 

I work for companies who provide the services as an integrator. I work as a systems integrator.

Microsoft Identity Manager comes with the premium or community license. If the customer doesn't have a premium license, the reseller who sells the licenses of Microsoft to the enterprise can extend the license for the client.

Generally, I don't have exposure towards the final figures, but I believe Microsoft is very well in line with other products in terms of pricing.

I was evaluating OneLogin and since I don't have experience with other software, I had to recommend Microsoft Identity Manager on the basis of customer requirements.

The out of the box connectors need to be increased. We can integrate with multiple applications to connect together through using Microsoft Identity Manager.

I would grade Microsoft Identity Manager at 7 or 8 out of 10. I wouldn't give it a ten because of the lack of out of box connectors. I don't see any other drawback in the product.