If you have a new MIM solution being deployed, you will have to decide when to scan MIM. Typically, scans are performed following each import, synchronization, and export. However, every object changing, scan times can be significant. Additionally, changes in the MIM while it is first loading may not be of value and create confusion for those time traveling. Therefore, we recommend that you load MIM completely, without export, and then perform a full scan if and when time allows, and then use MIM going forward.
If you scan MIM with Identity Panel after you load MIM, ready for export, Identity Panel can product export reports in Excel format that you can evaluate for accuracy.
Before your MIM go-live, you can begin using Identity Panel providers to collect data from the target systems. A typical use case is scanning Active Directory using the Directory Provider. This will allow to to record before and after changes to AD objects, with information from below MIM was implemented.
Suggested Action Plan:
- Break your go-live into sections, and create schedule sequences in Identity Panel to automate these. Set Disable History to avoid the time-loss of data collection.
- If your go-live includes an initial load population:
- Import and join all your accounts with all export rules and portal mappings removed. This helps performance while you get everything joined up and your MV populated.
- After importing and joining accounts, backup and restore your MIM database onto a different server. Install the MIM Sync service, and start an Identity Panel full scan while you continue syncing the main server
- Before running any exports, use Identity Panel to generate pending export reports and review them carefully
- Do your exports, confirming imports, and delta syncs
- Take another snapshot backup for a full scan. Each snapshot+full-scan gives you point-in-time data you can restore with MIM Test if you accidentally export bad data.
- Activate your regular schedule, but with pauses for export reports (for close monitoring). Turn on Identity Panel data collection.
Please sign in to leave a comment.