OpenIDM – Identity Management

OpenIDM Logo

OpenIDM 4.5 – What’s new!

Bring multiple sources of identity together for policy and workflow based management that puts you in control of the data. Consume, transform and feed data to external sources in order to maintain control over identity of users, devices and things.

A modern UI experience that allows you manage your data without writing a single line of code, while standard RESTful interfaces give you the ultimate in flexibility to develop as you see fit. Feature overview.

Practical bits

Source code

OpenIDM is open source. You can check out the source code here.

The code is licensed under CDDL.

Official project repository

Get involved!

– The OpenIDM Forum is open for anyone, ask questions, make suggestions, and tell us what you think of OpenIDM.

– Or if you prefer mail, please join our OpenIDM Mailing List.

Contribute to the development of OpenIDM by working on the source code, reviewing our roadmap and making sure our issue/bug tracker is up to date.

Get started!

The chapter Installation Guide in our documentation will take you through the few steps needed to reach ./

Check out our beginners guide blog series (summer 2016):

Part 1 – Introduction
Part 2 – Objects & Relationships
Part 3 – Connectors
Part 4 – Mapping 
Part 5 – User Registration 

If you are into Ansible/Vagrant you could try out this github repository for setting up OpenIDM together with OpenAM and OpenDJ.

Feature overview

OpenIDM feature overview

OpenIDM’s password synchronization, is a service that allows organizations to synchronize passwords in real time to ensure uniformity across all applications and data stores such as Active Directory.

With password synchronization, any user, device, or connected thing authenticates using the same credentials on each resource. This, in tandem with the user self-service feature, significantly reduces helpdesk costs and improves the customer experience, by automating and speeding password reset and management, and ensure compliance with a secure, centralized password policy that makes it easy for legitimate users to access the resources they want.

Leverage OpenIDM’s workflow and business process engine to create, read, update, and delete functions based on workflow-driven provisioning activities. ven engage workflows for self-service actions such as a user or device requesting access to an application, or an administrator handling bulk onboarding or off-boarding.

To simplify defining workflows and business processes, the embedded Activiti module can be used for modeling, testing, and deployment. Activi is based on the standard BPMN 2.0 process definition models, which can not only exchange between different graphical editors, but can also execute as is on any BPMN 2.0-compliant engine. Organizations can easily custom-define workflows and business processes that meet their unique needs.

In addition to passwords, the ability to sync and reconcile other attributes including role and group data between connected systems. OpenIDM connector framework, allows provisioning to managed identities maintained by other identity providers. This connector framework provides a consistent coupled layer between resources and applications. These functions are critical to ensure that identity information is clean, consistent, and accurate throughout the connected resources.

A flexible synchronization mechanism that provides for on-demand and scheduled resource comparisons is a key process for audit and compliance reporting. For organizations that provide services to users, devices, and connected things across multiple, disparate systems, streamlining identity management through synchronization and reconciliation services is essential to the identity administration and provisioning lifecycle.

The Common Audit Framework provides a means to log data consistently across the ForgeRock Identity Platform, and enables you to correlate events and transactions. Audit topics, such as access and activity, can be configured independently delivering the data you want to the appropriate business services.

In addition to the existing handlers for CSV files, JDBC connections, and Syslog, there are now two new handlers available: JMS and Elasticsearch (part of the ELK stack).  When auditing is required, easy access to audit logs will take the pressure off IT organizations that need to demonstrate control and show infrastructure activities.

With complete flexibility in data and object schema, the architecture of OpenIDM enables support for both traditional on-premises applications as well as for cloud service based providers such as Workday, Google Apps, and

Whether using the intuitive, out-of-the-box user interface or the comprehensive REST API, it’s easy to configure and capable of providing user provisioning and administration services to cloud providers without complex customization. As more and more services move to the cloud, it is important for organizations to simplify account creation, updating, deleting, and auditing without the cost and overhead of deploying multiple systems.

An open and well-documented access layer provides the user interfaces and public APIs for accessing and managing the ForgeRock Identity Platform, Identity Management repository and all its functions. RESTful interfaces provide APIs for CRUD operations and for invoking synchronization and reconciliation.

The pluggable scripting engine provides interfaces to both Javascript and Groovy out of the box. User interfaces provide password management, registration, self-service, and workflow services.

As organizations change, it’s critical that their identity infrastructure changes along with them–which is why the open framework for developers is critical. An open framework provides developers with direct access to manage functionality at will.

OpenIDM makes it possible to visualize identity relationships between any user, device, or thing from the management console. Drill down on each node or object for more detailed information about each relationship. Additionally, gain a deeper understanding of managed identities by embedding reports built from the Kibana open source platform right into the management console. Build custom dashboards based on business requirements and easily share reports and dashboards with others.

  • User self-service significantly reduces helpdesk costs and increases user
    productivity by automating password reset and enforcing an audit-able centralized password policy
  • Streamlines registration and access requests to external source such as applications, and logs request events for auditing
  • Out-of-the-box end user self-service and registration UI that can be easily customized
  • Provides workflow-driven provisioning and deprovisioning activities, whether for self-service actions such as requests for access, or for admin actions such as updating entitlements, on/off boarding, bulk sunrise or sunset enrollments, handling approvals with escalations
  • Embedded Activiti module that includes many different workflow templates and can be used for modeling, testing, and deployment
  • Industry-standard BPMN 2.0 process definition models, can be easily created and edited using any BPMN graphical editor, or execute on any BPMN 2.0-compliant engine
  • OpenIDM leverages the new OpenICF 1.4 framework (Open Source Identity Connector Framework) for connector development
  • New OpenICF Cloud connectors include a Generic Scripted Connector (allows integration with anything that Groovy supports; REST, SOAP, JDBC, JSON etc)
  • PowerShell Connector allows you to write and consume PowerShell and PowerShell Cmdlets for simplified integration with Microsoft technologies such as Office 365 and Exchange.
OpenIDM Slides and Video

OpenIDM with OpenDJ

Identi-Tea Podcast: Episode 4 – The Rodeo of Things

OpenIDM blog posts

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your username and password

Lost your password?

Forgot your details?