MIM Migration Options

Microsoft Identity Manager (MIM) reaches end-of-life in January 2029. Organizations relying on MIM face the end of support, rising technical risk, and shrinking access to expertise. But the bigger problem? Years of accumulated technical debt, custom scripts, brittle workflows, and often manual processes that were never built to scale.

Replacing MIM isn’t just an IT upgrade. It’s a strategic opportunity to modernize your identity operations and align with today’s business agility, compliance, and Hybrid IGA automation demands.

For most customers, MIM licensing was previously covered under a Microsoft Enterprise Agreement. When exploring alternatives, licensing costs and time to deploy become significant considerations alongside efforts to minimize the complexity of migrating current business logic and maintaining feature parity. Due to FIM/MIM’s long-standing use across the industry, many of the original administrators who designed and implemented these workflows have moved on or transitioned out of those roles, leaving behind legacy technical debt that must also be addressed during this migration process.

There is no “One Size Fits All” for MIM migrations. Some customers are using the built-in MIM Sync Rules while others have built complex custom workflows with business logic defined over years or a decade. Since FIM/MIM is 15+ years old it is important to not just “Lift and Shift” but to Modernize your Identity Governance processes for Hybrid Identities and the Cloud.

Common Licensing Options

1. Per User / Per Month (PUPM) licensing is a common monthly subscription model normally with a 1-to-3-year commitment that is based on the total number of User identities in scope of that product.
   • Frontline Workers (FLW) and Contractors tend not to be licensed due to additional costs, which then forces customers to use some other Out of Band or manual process to manage those identities.
   • Industries like retail, manufacturing, and health care often incur higher licensing costs due to seasonality and higher turnover rates.
2. Per Connector licensing is a yearly cost model on the number of connectors deployed regardless of User identities. This allows customers to control seasonality and higher turnover with fixed predictable costs and include FLW and Contractors in the same processes reducing administrative overhead and support tickets.

Common Migration Options

1. Microsoft Entra IGA / LifeCycle Workflow (LCW)
   • Licensing
     • PUPM for the total number of User identities in your Entra tenant.
     • Monthly $7 USD per User identity in addition to the required Entra P1/P2 license.
     • Minimum 1 year commitment, normally 3 years to align with the customer Enterprise Agreement.
   • Pros
     • Customers stay within the Microsoft ecosystem for less complicated deployments. 
     • Integrates with other Microsoft 1st party services, providing a unified experience for organizations already using Microsoft products.
   • Cons
     • Limited customization options. Uses Logic Apps, Inbound Provisioning API, LifeCycle Workflow tasks, and Azure Functions which are often new skill sets to learn.
     • No feature parity with MIM 2016 for complex deployments and can be difficult to manage with lots of workflows.
     • No Universal Directory to store schema extensions for advanced governance requirements.
2. READI Connector Studio
   • Licensing
     • Per Connector licensing.
     • Connector packs start with 10 Connector – Stater Pack to unlimited enterprise.
     • Minimum 1 year commitment.
   • Pros
     • Workflow transformation and attribute mapping are done natively in the Connector. For complex requirements scripting is available, which extends the power and flexibility of Connector Studio.
     • Includes a Unified Directory to store unique customer schema extensions for advanced governance.
     • Customers can build custom Connectors for internal home grown or disconnected applications.
     • Connectors are typically deployed in days and weeks, not months and years.
   • Cons
     • IGA completeness compared to other enterprise IGA vendors.
     • Newer, disruptive IGA technology platform.
3. SailPoint or Saviynt
   • Licensing
     • PUPM for the total number of User identities in scope.
     • Minimum 1 year commitment, typically 3-year contracts.
   • Pros
     • SailPoint offers a broad set of features for identity governance.
     • More suitable for large enterprises with complex identity governance needs with a dedicated IAM team.
   • Cons
     • Setup can be complex and often requires extensive coding.
     • Deployment times are often long and include additional consulting costs up to 2-3 times the software purchase price and span over years.
     • FLW and Contractors are often not in the scope of PUPM licensing due to the increased cost, requiring a different process for high turnover identities.

Conclusion

Customers need to understand their existing FIM/MIM deployment, the complex workflows, connectors (aka Management Agents), and future requirements before selecting a migration path. Four years seems like a lot of time to make these decisions but in reality, it isn’t with today’s fast-paced business environment.

READI is a modern identity automation platform that delivers everything you need to replace MIM faster, with agility and less risk and cost, and without starting from ground zero again! It combines powerful automation with flexible identity orchestration and an extensible Unified directory to give you the granular control MIM once offered, with the speed and governance today demands!

Don’t just replace MIM. Upgrade it!

READI is the modern identity platform your future operations deserve.