FIM vs EmpowerID - Building Identity Bridges That Scale

Posted by Chris Hayes on Mon, Aug 03, 2015

Microsoft FIM/Identity Manager is one of those tools that many organizations start out with when dealing with identity synchronization projects.  Testing the waters many times it's setup to flow identities and attributes to and from an HR database or even another Active Directory Forest.  When dealing with a few identities it works well enough but start asking it to deal with 10's of thousands of identities and millions of attribute changes and you had better clear your calendar for the rest of the week.

bridge01

The problem many start to recognize is that the FIM sync engine is like a single lane bridge between identity stores.  Works great when you are servicing a very small town but when you are trying to service a busy city things will start backing up quickly.  The result of this architectural limitation of FIM can cause sync jobs can run days, even a week and in today's instant on/instant off world this can create serious issues.  When you disable an account in your directory store, expectations are that the change will be reflected in other directories pretty quickly, not in a week.

baybridge2.0831

 

EmpowerID was built from the ground up to be truly scalable, each lane can be another EmpowerID server checking in to help process sync jobs to other identity stores.  Our distributable and scalable multi-instance sync engine is capable of handling the largest and most demanding environments with billions of objects being handled on time, every time.

The EmpowerID Inventory and Sync engines manage data housed in the Metadirectory allowing you to determine attribute flow between connected systems following these flow rules which you can configure for each account store we connect to.

  • No Sync: When this option is selected, no information flows between EmpowerID and the native system.
  • Bidirectional Flow: When this option is selected, changes made within EmpowerID update the native system and vice-versa.
  • Account Store Changes Only: When this option is selected, changes can only be made in the native system and are then passed to EmpowerID.
  • EmpowerID Changes Only: When this option is selected, changes can only be made in EmpowerID and are then passed to the native system.

EmpowerID has created the best sync engine in the world giving you fine grained control over all aspects identity, group, role and attribute synchronization.  Give us a call or click the link below for a quick demo of the EmpowerID difference.

Request a Demo