This is somewhat more of a survey question than a specific question. (I assume that is still OK.)
I work as a consultant doing Identity Management projects. We focus mostly on Novell's Identity Manager product, which we find to be quite good.
I am curious to know what IDM products you have used, and what strengths and weaknesses you have seen in them.
I can start off with Novell's product.
Lots of connectors, that are truly bidirectional, password sync included, not just pushing passwords. (We have deployed the AD, eDir, Notes, AS400, NIS/NIS+, LDAP, JDBC, HTML Screen scraper, TN3270 Screen scraper, SAP HR, SAP UM, Remedy drivers, and there are still many more we have not touched yet like the SAP GRC, Netweaver, RACF/TopSecret/ACF2 drivers)
Event driven, which can be very powerful.
Good workflow engine.
Scalable. (We have a client with 150 eDir and AD drivers in production, 500K users).
Excellent design tools. (Novell Designer for Identity Manager).
Straightforward design language for manipulating events. (DirXML Script).
There are lots of other products out there:
IBM's Tivoli Identity Manager (TIM).
Sun's Identity Manager
Oracle Identity Manager
Courion
Hitachi's (formerly Mtech out of Calgary) ID-Synch and P-Synch
MS ILM
Which have you used, and what has your experience been like? What strengths and weaknesses have you seen?
Best Answer
I spent some time prototyping Microsoft's Identity Lifecycle Manager a year ago. They've moved things around since then, so this may not be accurate for the current state of the product. At the same time I did spend time working with Novell IDM.
ILM had some marked differences from IDM.
Novell IDM really is the top tier of identity management solutions. It has been on the market for the longest and has had a chance to really solidify its feature set and mind-share. Even though it costs w-a-y more than ILM, you really do get what you pay for. In the end, in our environment the cost of ILM versus IDM would have been a wash due to the additional man-hours required to get an ILM-based environment up and running.
In the end we decided that the cheapest way was to continue rolling our own. We already had a home-built system in place, and the cost projections were not that much different than an IDM/ILM implementation project would have been. Inertia won.