It is amazing to me how often I come across products at Microsoft that I haven’t heard of even though I believe I am pretty connected with the company. Microsoft Identity Integration Server 2003 (MIIS) is one of these products and it seems to offer some significant functionality. MIIS “helps you synchronize identity information across a wide variety of identity stores; easily provision and deprovision accounts and identity information across systems.” Wow… cool! So I could have multiple disparate user management systems and, assuming I could get them integrated with MIIS, it would be MIIS that took care of synchronizing each of the user management systems.
The following quote comes from the MIIS Overview document:
In most enterprises today, each individual application or system has its own user database or directory to track who is permitted to use that resource. Identity and access control data reside in tens and hundreds of different directories and applications such as specialized network resource directories, mail servers, human resource, voice mail, payroll and many other applications.
Each has its own definition of the user’s “identity” (name, title, ID numbers, roles, membership in groups). Many have their own password and process for authenticating users. Each has its own tool for managing user accounts, and sometimes dedicated administrators responsible for this task. Further, most enterprises have multiple processes for requesting resources and for granting and changing access rights. Some of these are automated, but many are paper-based. Many differ from business unit to business unit even when performing the same function.
Administration of these multiple repositories often leads to time-consuming and redundant efforts in administration and provisioning. It also causes frustration for users, needing them to remember multiple IDs and passwords for different applications and systems. The larger the organization, the greater is the potential variety of these repositories and the effort required to keep them updated. This labyrinth of inefficient processes and overlapping systems can have significant consequences for:
(Thanks to Stephen Johnson for pointing this application out to me.)