The Panel Provider for the MIM Extensible Connectivity Management Agent (ECMA2) allows data from a bespoke/custom MIM connection to be scanned and updated from the Identity Panel suite of applications.
This is specifically intended for customers who are considering a transition from MIM to HyperSync (see "Transition from MIM to HyperSync in 4 steps") and have one or more ECMA2 MIM connectors to negotiate when migrating MIM connectors to HyperSync providers (see "Migrating MIM Connectors to HyperSync Providers").
For further details refer to the Background section below.
Identity Panel App
The Panel Provider for ECMA2 adds the following capabilities to the Identity Panel App:
- Scan objects and attributes for visualization within the Time Traveler
- Update the ECMA2-connected system (via the ECMA2 framework - see below)
HyperSync Panel App
The Panel Provider for ECMA2 allows an existing ECMA2-connected system to be used as a data feed for user and/or group identities, supporting provisioning to downstream directories. The provider also allows account data, such as account name, email address, etc., to be synchronized back to the ECMA2 source system.
The ECMA2 data flow support is determined by the extent to which it is supported by the existing ECMA2 implementation for MIM, including but not limited to the following:
- schema (objects, attributes)
- flow direction (imports, exports)
- import mode (full, delta)
- performance (page size, batch size, timeouts)
- partitions
Service Panel App
The Panel Provider for ECMA2 adds the ability for Service Panel to push data requests back to an ECMA2-connected system using the ECMA2 framework, to the extent that write-back is supported by the existing ECMA2 implementation for MIM.
Test Panel App
The Panel Provider for ECMA2 allows the Test Panel App to create tests in Identity Panel, simulating changes from an ECMA2-connected system feed to the extent supported by the existing ECMA2 implementation for MIM.
Additionally, Test Panel with this Provider allows for the rollback deletion of test case data and results. The capability includes creating, validating (asserting), and removing simulated user data as part of your overall test case or suite.
Licensing
This product is licensed per enterprise.
Configuration
- The ECMA2 Panel Provider can access any of the writeback endpoints supported by the existing ECMA2 implementation for MIM.
- Identity Panel workflow integration with an existing ECMA2-connected system can be used to perform lookups for detecting rehires.
Background
Since 2005 when Microsoft launched their first Software Developer Kit (SDK) for MIIS 2003 SP2, developers have been creating Extensible Management Agents (ECMA) for what has since become Microsoft Identity Manager (MIM) in order to connect to a wide variety of corporate, government and educational systems.
Such systems fall into two broad categories, with some falling into both:
- Upstream Sources (corporate HR, student enrolment, contractor management, etc.) and
- Downstream Targets (CRM, LMS, ITSM, etc.).
The original ECMA model was file-based and has long been deprecated by Microsoft in favor of a call-based alternative known as "ECMA2".
In more recent times, Microsoft has released a number of additional management agents (connectors) for MIM, all built on ECMA2, and these are available for download and installation. These complement the 3rd party ECMA2 connectors that have existed for many years now, including Soren Granfeldt's extremely popular PowerShell MA, which alone is responsible for unknown thousands of implementations worldwide.
ECMA Host Architecture
With the advent of the Entra ID HR and App Provisioning (SCIM) technologies, Microsoft have developed the ECMA Connector Host Architecture. This has been designed to leverage investments made over the years in connecting downstream systems to MIM using the ECMA2 SDK, by re-purposing them to integrate (over SCIM) with Entra ID. In doing so, applications which today do not yet (or legacy applications that likely never will) appear in the Entra ID App Gallery can now be replumbed into the SCIM App Provisioning model, thereby enabling user and group membership provisioning to that system. In the Microsoft model, connectivity is achieved via an extension to the AAD Connect on-premises agent.
SoftwareIDM ECMA2 Provider
SoftwareIDM has released the revolutionary HyperSync Panel application as part of the Identity Panel Suite, and this provides the first truly viable migration path from MIM Synchronization. This is of great comfort for many organizations already looking to future-proof their Microsoft Identity Platform investment before MIM falls out of extended support in 2029.
Until recently, such conversions required further additions to be authored and published in our growing Provider Catalog. However, not wanting to impose any impediment to the growing HyperSync conversion pipeline, SoftwareIDM is now proud to announce its own Panel Provider for ECMA2.
Using a similar approach to the aforementioned Microsoft ECMA Host concept, the SoftwareIDM Panel Service replaces AAD Connect as the extensibility point, providing a "wrapper" for the ECMA2 DotNet assembly to allow connectivity to the target system. This allows HyperSync customers to transition object and attribute flows away from MIM without the need to transition to an alternative Provider for Identity Panel.
However, the HyperSync/ECMA2 model provides several key advantages over and above the Microsoft ECMA2 Host model:
- Supported flows are not limited to just users and group-membership - allowing all MIM-configured object classes and attribute flows to be migrated to a HyperSync equivalent;
- Existing synchronization configurations can be migrated from MIM "as-is" via automated conversion, including the ECMA2 MA parameter configuration as it appears today in MIM;
- Downstream connected system integration is not limited by the constraints imposed by the Microsoft SCIM paradigm, allowing full bi-directional flow; and
- Upstream connected systems are fully supported as well as the downstream ones.