Chapter 21. Microsoft Forefront Identity Manager

Introduction

Microsoft Forefront Identity Manager (FIM) is the successor to Microsoft Identity Lifecycle Manager (ILM). The core focus areas of FIM are managing policy, managing credentials, managing and provisioning users and groups, access control, and compliance. The product includes a Credential Management (CM) feature for use in environments that have a Public Key Infrastructure (PKI) and need to provide self-service and policy-based certificate management. While FIM is typically thought of as a solution for smart-card enrollment and life-cycle management, it excels at providing policy management for any certificate type. In light of the new product name, the community has struggled to differentiate between what was the synchronization engine and the product itself, not wishing to drag CM into what has typically been an MIIS/ILM/FIM conversation. In cases where differentiation is important, the two server products are usually referred to as the “sync engine” and Certificate Lifecycle Manager (CLM); however, for the purposes of simplification in this chapter, we will use the term ILM to refer to the sync engine.

FIM is a robust .NET application platform built on Microsoft’s highly successful database platform—SQL Server. FIM provides services for the synchronization and reconciliation of identity data, and in some cases passwords, between multiple disparate repositories, including (but not limited to):

  • Enterprise directories

    • Active ...
