In today’s digital age, managing identities and access efficiently and securely is crucial for any organization, whether you rely on a homemade PowerShell script or have a comprehensive IAM system in place. With a multitude of IAM/ILM solutions available, choosing the right one for your business can be a daunting task.
In this blog post, we will explore some of the leading IAM/ILM systems, examining their features, benefits, and potential drawbacks. Our goal is to give you enough information on each option to support your decision. It’s important to note that this guide does not rank these systems in any particular order. Instead, we focus on presenting the pros and cons of each, allowing you to weigh the options based on your specific needs and priorities.
Microsoft Identity Manager (MIM)
As a major player in the IAM/ILM world, Microsoft Identity Manager comes with several pros and cons.
Pros:
- Free synchronization engine included with a Microsoft Entra ID P1 or P2 license.
- Can integrate with a vast number of systems through the powerful Extensible Connectivity Management Agent (commonly referred to as ECMA2).
- Very robust synchronization engine.
- Highly flexible due to the ability to integrate with numerous systems.
Cons:
- Requires knowledge and experience due to its intricate installation and configuration process.
- End of life in 2029 (as of 2024).
- Based on synchronization runs, not on events or triggers.
- Requires custom development to integrate with Entra ID.
Okta Lifecycle Management (LCM)
Okta LCM provides a comprehensive solution for automating user provisioning and deprovisioning, streamlining access management, and ensuring compliance with security policies. It integrates with a wide range of applications and systems. However, like any solution, it comes with its own set of pros and cons that organizations need to evaluate based on their specific needs and requirements.
Pros:
- The initial setup and basic configuration are relatively straightforward and do not demand extensive experience or expertise compared to other more complex IAM/ILM systems.
- It integrates well with a wide range of applications, cloud services, and on-premises systems, making it versatile.
- A wide array of identity governance and administration (IGA) capabilities.
- Extensive logging and audit functionality.
- Comprehensive and accessible documentation and guides.
Cons:
- While Okta LCM offers robust features, the cost associated with licensing and implementation may be higher compared to some other IAM solutions.
- Exclusively cloud-based, which might not be feasible for certain companies and organizations.
- Customization options in Okta LCM are often influenced by Okta’s development roadmap. New features or enhancements may be prioritized based on broader customer needs, which could impact the availability and timing of specific customization requests.
- Migrating from existing IAM solutions or integrating Okta LCM with legacy systems demands careful planning and possibly extra resources to ensure a smooth transition.
SailPoint IdentityIQ
Another major player frequently discussed in the IAM/ILM field is SailPoint, particularly their on-premises IdentityIQ solution.
Pros:
- IdentityIQ’s greatest strength lies in its robust and flexible capabilities in identity governance and administration (IGA). It provides a wide range of IGA capabilities, including certifications, role management, workgroups, access controls, policy enforcement, and audit functionalities.
- IdentityIQ is highly versatile, capable of integrating with nearly every system imaginable.
- One advantage of SailPoint is its active user community, which consistently develops integrations for widespread use.
Cons:
- IdentityIQ is among the pricier solutions available on the market.
- Even simple tasks and integrations often require the development of custom Java code.
- Integrations that should be straightforward therefore tend to end up unnecessarily complex, largely because of that custom Java development.
- Becoming proficient in IdentityIQ requires considerable time and practice.
- The educational courses offered by SailPoint are known for their high cost.
NetIQ Identity Manager
NetIQ’s Identity Manager (IDM) solution, first released in 2003, has a long-standing presence in the IAM/ILM industry and is known for its flexibility and versatility.
Pros:
- With the ability to create custom integrations, known as drivers in IDM, Identity Manager can connect with a very wide variety of source and target systems.
- As an event-driven lifecycle management system, IDM can apply changes Just-in-Time (JIT) with no noticeable delay.
- A standout feature of IDM is its Designer tool, an interface dedicated to designing, testing, documenting, and deploying Identity Manager solutions without impacting the operational environment.
Cons:
- IDM can be complex to implement and manage, requiring specialized knowledge and expertise.
- NetIQ’s Designer tool is complemented by iManager, a web interface used primarily for managing the metaverse (referred to as eDirectory in IDM). However, neither interface (iManager or Designer) is particularly modern in its design.
- Users and administrators may face a steep learning curve when first adopting the system, requiring comprehensive training and potentially longer onboarding times.
Microsoft Entra ID Governance
Entra ID, previously known as Azure Active Directory (Azure AD), is a well-established cloud-based IAM platform from Microsoft, widely recognized in the industry.
Pros:
- Seamless integration with Microsoft’s suite of products and services, providing unified identity management across Entra ID, Office 365, and more.
- The Entra ID community provides extensive documentation, guides, and support.
- One advantage of Entra ID governance is that many organizations already utilize Entra ID for other aspects of their IT infrastructure, making it practical to consolidate everything within the same system.
Cons:
- The Entra ID Governance license offers numerous options to customize lifecycle management, such as utilizing customizable workflows tailored to your organization’s requirements, but it comes at a significant cost ($7 per user as of July 2024).
- While dynamic groups can be created in Entra ID, their filtering capabilities are limited, and many other IAM/ILM systems address this more effectively.
- Given the variety of systems and areas within Entra ID, users may find it challenging to navigate and understand, especially if they are not accustomed to the platform.
In summary, covering every pro and con of these five IAM/ILM solutions in a single blog post would make it far too long. The insights shared here are based on our firsthand experience and observations from working with these platforms over time.
All of these IAM/ILM solutions share a common requirement: they demand varying degrees of experience and knowledge to set up, configure, and maintain. This need inspired us to create Adcyma, with the aim of helping organizations simplify their IAM environment without the need for expensive specialist competencies.