Microsoft Identity Manager (MIM) End of Support: Your Migration Options

Microsoft Identity Manager (MIM) extended support runs until January 2029. If your organization still relies on MIM for identity provisioning, now is the time to plan your next move.

MIM has served enterprises well for over a decade. But Microsoft has made it clear: MIM’s future is limited. The platform receives only security patches, no new features, and its architecture is fundamentally tied to on-premises Active Directory in an era where hybrid and cloud-first identity is the standard.

What happens after MIM?

Microsoft’s own recommendation is Microsoft Entra ID Governance for cloud-native organizations. But for enterprises with complex on-premises infrastructure, hybrid AD environments, and custom provisioning workflows, Entra ID Governance alone may not cover all use cases.

This is where open-source alternatives like Evolveum midPoint become compelling.

Why midPoint is a strong alternative

• Full lifecycle management: joiner, mover, leaver automation with HR integration, just like MIM but without the deprecated architecture
• ConnId connector framework: midPoint connects to the same targets MIM does: Active Directory, LDAP, databases, REST APIs, SOAP services, CSV feeds, and SCIM endpoints
• No per-user licensing: midPoint is open source. You pay for implementation and support, not per-identity fees that scale with your organization
• Modern deployment: runs natively on Kubernetes with GitOps-based configuration management, Helm charts, and full CI/CD pipeline support
• Built-in governance: role-based access control, access certification campaigns, segregation of duties, and audit-ready compliance reporting for GDPR, NIS2, and ISO 27001

Planning the migration

A MIM to midPoint migration typically involves these phases:

1. Assessment: Map your current MIM configuration: management agents, sync rules, provisioning workflows, and custom extensions. Identify which connectors and business logic need to be replicated.

2. Architecture design: Define the midPoint deployment model (Kubernetes, Docker, or bare metal), HR source of truth integration, and connector architecture.

3. Connector development: Build midPoint ConnId connectors for each target system. Many standard connectors (AD, LDAP, database, CSV) are available out of the box.

4. Parallel operation: Run MIM and midPoint side by side during the transition period. Validate identity data consistency across both systems.

5. Cutover: Switch production traffic to midPoint with zero downtime. Decommission MIM.

The cost of waiting

January 2029 sounds far away, but enterprise identity migrations are complex projects. A typical migration takes 6 to 12 months depending on the number of connected systems and custom business logic. Starting in 2026 gives you comfortable runway. Starting in 2028 means rushing, cutting corners, and accepting risk.

Our experience with MIM migrations

At WeKnowIdentity, we have delivered 10+ enterprise midPoint deployments managing up to 1,000,000+ identities. Our founder holds four Evolveum midPoint certifications (Professional, Advanced, Deployment, Group Synchronization) and has hands-on experience with MIM migration projects.

We work across telecom, finance, government, healthcare, education, and technology sectors in Slovakia, Switzerland, Germany, Austria, and Poland.

Ready to plan your migration?

Contact us for a free initial assessment. We will evaluate your current MIM setup, map the migration path, and provide a realistic timeline and roadmap to midPoint.

Related Resources

• Learn more about our midPoint consulting and implementation services
• View all WeKnowIdentity IAM services
• Read our enterprise midPoint case studies
• More articles on IAM migration and midPoint

Related: For a comprehensive side-by-side analysis of open source and commercial IGA platforms, read our full guide: midPoint vs Commercial IGA: Which Approach Fits Your Enterprise?