What is Identity Broker?

To paraphrase an earlier post, FIM Sync would be easy if every system or application was as straight-forward to provision and sync with as the AD or ADLDS connector. It struck me sitting in Chris Cox’s FIM 2010 RC0 training back in January 2009 that with all the attention now on FIM policy and workflow, and all things to PowerShell, it was almost as though there was a blind assumption that this was actually the case. This also seemed to be the assumption during an Omada 6.1 training course in June 2008. The fact that systems such as HR, telephony, ERP and bespoke applications we all need to leverage as sources of truth for identity are anything but that simple was seemingly trivialised. Now we have ECMA2 and it’s even easier than before, right? Well think again. Think about any instance of the AD connector and what FIM Sync features we take for granted here:

  • LDAP API
  • Delta imports
  • Multi-value attributes
  • Multiple object classes
  • Bi-directional attribute flows
  • Change events

Now think about connecting to just about any commercial HR system – e.g. in Australia we have chris21, Aurion HR, SAP, Talent2, Empower HR, Peoplesoft HR … the list goes on. Some of them have APIs and some don’t, but apart from that can you imagine how you would go about building a custom connector to any of these with one or two let alone ALL of the above features? Add to that the fact that most of the data you need to present in a consolidated Person object is invariably stored in at least half a dozen separate but related data stores, and you quickly find you’re compromising performance and usability in order to bring all this information together. After a short while you pretty much find yourself trying to sync apples with oranges … This is why UNIFY’s Identity Broker 4.0 connector platform is a game changer. You could think of it as an proxy LDAP API for application XYZ. Any application or service where there is an Identity Broker Connector for Application XYZ will provide ALL of the above features and some (such as derived attributes and transformations in the connector layer). Now you can sync apples with apples 🙂 … and scale to the millions of apples for good measure. This is not so much a plug for some fantastic technology, but an attempt to dispel some of the confusion and misinformation I’m hearing from people in the market about what Identity Broker is about – not to be confused with FIM Event Broker which by the way leverages any such connector to deliver real time sync too. So today any FIM 2010 training course which continues to sets the same expectation it seemed to in 2009 sits comfortably with me, knowing that this can now be the case. We should all rejoice that more people can take a dip in the FIM pool for themselves (i.e. more CAL sales!) without running into the brick walls of the past. There – I got that off my chest!

Advertisements

About bobbradley1967

Microsoft IAM MVP and Solutions Architect (MCTS, MCP) - FIM/ILM/MIIS Specialist, with 20 years SQL database ( OLAP) and MS.Net applications development/SI background, in particular on the SharePoint platform
This entry was posted in Event Broker for FIM 2010, FIM (ForeFront Identity Manager) 2010, ILM (Identity Lifecycle Manager) 2007 and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s