[midPoint] existing 'IGA' ; dev / test /production
Stone, Robin
stonerd at longwood.edu
Fri Mar 20 14:45:32 CET 2026
I am at a small University where we are currently implementing midPoint and positioning it to take over from a collection of IAM systems, some home-grown, into a cohesive and single system.
I can tell you that so far, working with outside consulting help, it's going well. My two biggest hurdles have been:
1. Deciding where the vast majority of my business rule logic will live. For example, I pull data from our ERP and Student Management System into a single view where I use data elements to determine things like unique account names (sAMAccountNames and email addresses) to ensure uniqueness, as well as other base elements. I then use the table connector to bring that data into midPoint, where the provisioning logic lives. At first I was doing everything in my view and quickly decided that idea was a nonstarter.
2. The second hurdle was not getting ahead of myself. We've decided to implement in small chunks. For example, complete provisioning students before worrying about staff and faculty. It's quite natural, for me at least, to think about things as a whole, and that can lead to confusion and frustration.
So to answer your question more directly from a user standpoint... I think midPoint is capable of being the unified system. Good luck.
Robin Stone
Senior Windows System Engineer
Longwood University
Information Technology Services
<https://www.longwood.edu/>
From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Anwar Mahmood via midPoint
Sent: Wednesday, March 18, 2026 1:24 PM
To: midpoint at lists.evolveum.com
Cc: Anwar Mahmood <anwar.mahmood at outlook.com>
Subject: [midPoint] existing 'IGA' ; dev / test /production
Hello,
midPoint looks amazing!
I'm curious.
Imagine I have an established, non-trivial identity environment:
* AD DS
* Microsoft Entra ID
* on-premises applications
  * IIS
  * Accounts
  * Marketing
  * etc.
* SaaS applications that...
  * ...use OIDC and SAML to authenticate to Microsoft Entra ID
  * ...some use SCIM for provisioning
  * ...some use FTP uploads
* DBs as 'source of truth' for different user profiles
Over the years, there is a high degree of integration, and it is custom.
It does some of the things that we would now call an IGA platform.
It does what it does really well. It's just that we need it to do more, and that isn't easy.
When a user in a DB is ready to provision, they are provisioned through AD DS, home directory, NTFS quota, Microsoft Entra Connect Sync to propagate to Microsoft Entra ID. Then, another PowerShell script licenses them and sets SSPR details, configures their Exchange Online mailbox. Another process notifies the user at their personal email address that their account is ready to use.
Real time; mature; works.
LOTS more connectors, of course.
I have a dev and test instance of AD DS and Microsoft Entra ID, but not all apps. Some SaaS apps do have test instances, but they are connected to the production Microsoft Entra ID instance [it's test for the user, but not in terms of identity]
It is going to be complicated.
Q: How easy is it to deploy midPoint IGA when there is already an existing 'IGA' platform?
Q: Do I need to establish a [permanent] dev instance of midPoint + AD DS + Microsoft Entra ID so I can do IGA safely and set up the connectors?
These are very much the low level elements.
Maybe it's...
* you should - it makes things easier - but we're a 200K user company and we managed fine with only test and production
* etc
Really appreciate your thoughts!
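Both messages above touch the same design point: Robin's "single view" that derives unique account names from ERP and SIS rows before midPoint's table connector reads them, and Anwar's pipeline in which a DB row becomes an AD DS account. The following is an added illustration by the editor, not code from midPoint, Longwood or either poster. It shows the name-allocation rule as a pure function so it could be hosted in a DB view, a midPoint mapping or a script with identical results. The person_id correlation key, the sample rows, the example.edu domain, the three-character suffix reserve and the "reserved, never reuse" list are all assumptions for the example.

```python
"""Allocate unique sAMAccountName and mail values from merged ERP + SIS rows.

Editor's illustrative example; not midPoint's logic or any institution's code.
Record layout, correlation key, domain and reserved-name policy are assumptions.
"""
import re
import unicodedata

SAM_MAX_LEN = 20            # sAMAccountName limit for AD user objects
SUFFIX_RESERVE = 3          # stem up to 17 chars so "...999" still fits (assumed policy)
MAIL_DOMAIN = "example.edu"  # assumption, not a real tenant


def normalize_token(text: str) -> str:
    """Fold accents to ASCII, lowercase, keep only [a-z0-9].

    AD compares sAMAccountName case-insensitively and rejects characters such
    as " / \\ [ ] : ; | = , + * ? < > and @, so a whitelist is the safe choice.
    """
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def base_handle(given: str, surname: str) -> str:
    """First initial + surname, truncated so a numeric suffix still fits."""
    stem = normalize_token(given)[:1] + normalize_token(surname)
    if not stem:
        raise ValueError(f"no usable characters in name {given!r} {surname!r}")
    return stem[: SAM_MAX_LEN - SUFFIX_RESERVE]


def allocate_handle(given: str, surname: str, taken: set, reserved: frozenset) -> str:
    """Return a handle that is neither in use nor reserved, and record it as taken.

    'reserved' holds names of departed users that must never be recycled: a
    reused sAMAccountName can inherit stale ACLs, mail forwards and SaaS links.
    """
    stem = base_handle(given, surname)
    candidate, n = stem, 1
    while candidate in taken or candidate in reserved:
        n += 1
        if n > 999:
            raise RuntimeError(f"handle space exhausted for stem {stem!r}")
        candidate = f"{stem}{n}"
    taken.add(candidate)
    return candidate


def merge_sources(erp_rows, sis_rows):
    """One entry per person_id with the union of affiliations (the 'single view')."""
    people = {}
    for source, rows in (("erp", erp_rows), ("sis", sis_rows)):
        for row in rows:
            person = people.setdefault(
                row["person_id"],
                {"given": row["given"], "surname": row["surname"], "affiliations": set()},
            )
            person["affiliations"].add(source)
    return people


def build_provision_view(erp_rows, sis_rows, existing_sam, reserved_sam, assigned):
    """Rows a table connector would read. 'assigned' maps person_id -> handle
    issued on an earlier run; those are kept so re-runs never rename an account."""
    taken = {s.lower() for s in existing_sam} | {h.lower() for h in assigned.values()}
    reserved = frozenset(s.lower() for s in reserved_sam)
    people = merge_sources(erp_rows, sis_rows)
    view = []
    for pid in sorted(people):  # deterministic order makes allocation reproducible
        person = people[pid]
        handle = assigned.get(pid) or allocate_handle(
            person["given"], person["surname"], taken, reserved
        )
        view.append({
            "person_id": pid,
            "sAMAccountName": handle,
            "mail": f"{handle}@{MAIL_DOMAIN}",
            "affiliations": sorted(person["affiliations"]),
        })
    return view


# Constructed sample rows; not real people or real institutional data.
ERP_ROWS = [
    {"person_id": "P100", "given": "Robin", "surname": "Stone"},
    {"person_id": "P200", "given": "Élodie", "surname": "Stone"},
    {"person_id": "P400", "given": "Christopher", "surname": "Featherstonehaugh-Smythe"},
]
SIS_ROWS = [
    {"person_id": "P100", "given": "Robin", "surname": "Stone"},  # staff member also enrolled
    {"person_id": "P300", "given": "Rachel", "surname": "Stone"},
    {"person_id": "P500", "given": "Seán", "surname": "O'Brien"},
]
EXISTING_SAM = {"RStone"}     # already in AD, held by P100
RESERVED_SAM = {"rstone2"}    # departed user; never reuse
ASSIGNED = {"P100": "rstone"}

VIEW = build_provision_view(ERP_ROWS, SIS_ROWS, EXISTING_SAM, RESERVED_SAM, ASSIGNED)

if __name__ == "__main__":
    for row in VIEW:
        print(row)
```

The two checks worth carrying into whatever layer hosts this rule are the reserved list (a departed user's name is a collision with the past, not just the present) and the assigned map (a re-run of the view must reproduce existing handles exactly, or midPoint will see a rename where none was intended).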