
Complementing Forefront Identity Manager

For Simplified Identity and Access Management

Quest One Identity Solutions can fill functionality gaps in your existing identity and access management (IAM) framework; Microsoft’s Forefront Identity Manager (FIM) is no exception. Quest One enhances FIM with increased functionality, an expanded scope for Active Directory and targeted optimization to make FIM more powerful and easy to manage, while accelerating the deployment and time-to-value of FIM. 

When paired with Quest One, FIM becomes a complete solution with the flexibility to precisely address the IAM objectives of your heterogeneous organization.

    RBAC, Role Management & Role Mining

  • Enables hierarchical role development for role management that can define a group of employees, analyze their existing permissions and create new roles.
  • Derives IT roles from organizational structures (i.e., location or department). Thus, all employees belonging to this structural unit inherit the specified permissions.
  • Accesses the data in FIM's Metaverse. Quest One can mine and create roles and membership in these roles, which can be automatic or subject to approvals. (Exceptions can be made on the basis of rules or decisions by contributors via workflow.)

    Entitlement-Level Attestation & Recertification

  • Expands on FIM's existing attestation and recertification with the ability to track application entitlements, e.g., SAP permissions, at a very deep level.
  • Empowers managers or others responsible for compliance with governance policies and regulatory legislation to certify access permissions, authorizations, requests and exception approvals.

    Real-Time Conflict Resolution

  • Sends real-time alerts when changes to Quest One object models (e.g., identities, roles or entitlements) violate pre-defined rules. 
  • Makes exceptions using FIM to transparently call on workflow exceptions defined within Quest One.
  • Applies rules for compliance, separation of duties and more. Each rule can have as wide or narrow a scope as needed. Rules are made in a visual editor, so no coding is required.


  • Makes Unix, Linux, Java and Mac systems "full citizens" in Active Directory, eliminating the need for custom FIM connectors for these systems.
  • Integrates a high number of non-Windows systems, platforms and applications with Active Directory.
  • Reduces costs and accelerates FIM deployments by eliminating much of the custom integration work required of non-Windows systems. 

    Administration and Operation

  • Leverages PowerShell for simplified FIM task execution across multiple Microsoft platforms.
  • Extends the scope of Windows Group Policy to include Unix, Linux, Mac and many applications.
  • Unifies management around the proven tools already in place.
  • Centralizes auditing and reporting across the heterogeneous environment.