<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Aptos;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:218518266;
mso-list-template-ids:240302870;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:472647023;
mso-list-type:hybrid;
mso-list-template-ids:196131688 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:1007055321;
mso-list-template-ids:-977657904;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I am at a small University where we are currently implementing midPoint and positioning it to take over from a collection of IAM systems, some home grown, into a cohesive and single system.<o:p></o:p></p>
<p class="MsoNormal">I can tell you that so far, working with outside consulting help, its going well. My two biggest hurdles have been:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Deciding where the vast majority of my business rule logic will live. For example I pull data from our ERP and Student Management System into a single view where I use data elements
to determine thing like unique account names (sAccountNames and email addresses) to insure uniqueness as well as other base elements. I then use the table connector to bring that data into midPoint where provision logic lives. At first I was doing everything
in my view and quickly decided that idea was a nonstarter. <o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">The second hurdle was not getting ahead of myself. We’ve decided to implement in small chuncks. For example complete the provisioning students before worrying about staff and faculty.
It’s quite natural, for me at least, to think about things as a whole and that can lead to confusion and frustration.<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So to answer your question more directly from a user standpoint… I think midPoint is capable of being the unified system. Good luck.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="line-height:16.0pt"><b><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#2F5496">Robin Stone<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:13.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#2F5496">Senior Windows System Engineer<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:13.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#2F5496">Longwood University<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:13.0pt"><span style="font-size:9.0pt;font-family:"Verdana",sans-serif;color:#2F5496">Information Technology Services<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://www.longwood.edu/"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#003DA5;text-decoration:none"><img border="0" width="300" height="48" style="width:3.125in;height:.5in" id="Picture_x0020_1" src="cid:image001.png@01DCB84E.4AAACE20"></span></a><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#2D2D2D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> midPoint <midpoint-bounces@lists.evolveum.com> <b>
On Behalf Of </b>Anwar Mahmood via midPoint<br>
<b>Sent:</b> Wednesday, March 18, 2026 1:24 PM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Cc:</b> Anwar Mahmood <anwar.mahmood@outlook.com><br>
<b>Subject:</b> [midPoint] existing 'IGA' ; dev / test /production<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:solid #9C6500 2.25pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal" style="line-height:16.0pt;background:#FFEB9C"><span style="font-size:14.0pt;color:#9C6500">CAUTION:
</span><span style="font-size:14.0pt;color:black">This is an EXTERNAL email. Do not click links or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Hello,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Midpoint looks amazing!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">I'm curious.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">imagine I have an established non-trivial identity environment;<o:p></o:p></span></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">AD DS<o:p></o:p></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">Microsoft Entra ID<o:p></o:p></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">on premises applications<o:p></o:p></span></li></ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">IIS<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">Accounts<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">Marketing<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">etc<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-list:l0 level1 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">SaaS applications that...<o:p></o:p></span></li></ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">...use OIDC and SAML to authenticate to Microsoft Entra ID<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">...some use SCIM for provisioning<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-list:l0 level2 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">some use FTP uploads<o:p></o:p></span></li></ul>
</ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span style="font-size:12.0pt;font-family:"Aptos",serif">DBs as 'source of truth' for different user profiles<o:p></o:p></span></li></ul>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Over the years, there is a high degree of integration, and it is custom.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">It does some of the things that we would now call an IGA platform.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">It does what it does really well. It's just that we need it to do more, and that isn't easy.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">When a user in a DB is ready to provision, they are provisioned through AD DS, home directory, NTFS quota, Microsoft Entra Connect Sync to propagate to Microsoft Entra
ID. Then, another PowerShell script licenses them and sets SSPR details, configures their Exchange Online mailbox. Another process notifies the user at their personal email address that their account is ready to use.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Real time; mature; works.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">LOTS</span></b><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black"> more connectors, of course.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">I have a dev and test instance of AD DS and Microsoft Entra ID, but not all apps. Some SaaS apps
<i>do</i> have test instances, but they are connected to the production Microsoft Entra ID instance [it's
<i>test</i> for the user, but not in terms of identity]<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">It is going to be complicated.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Q: How easy is it to deploy Midpoint IGA when there is already an existing 'IGA' platform<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black"><o:p> </o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Q: Do I need to establish a [permanent] dev instance of Midpoint + AD DS + Microsoft Entra ID so I can do IGA safely, and setup the connectors?<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">These are very much the low level elements.<o:p></o:p></span></p>
</div>
<div style="margin-top:12.0pt;margin-bottom:1rem">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">May be it's...<o:p></o:p></span></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span style="font-size:12.0pt;font-family:"Aptos",serif">you <i>should</i> - it makes things easier - but we're a 200K user company and we managed fine with only test and production<o:p></o:p></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-list:l2 level1 lfo2">
<span style="font-size:12.0pt;font-family:"Aptos",serif">etc<o:p></o:p></span></li></ul>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Aptos",serif;color:black">Really appreciate your thoughts!<o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>