Bring multiple sources of identity together for policy and workflow based management that puts you in control of the data. Consume, transform and feed data to external sources in order to maintain control over identity of users, devices and things.
A modern UI experience that allows you to manage your data without writing a single line of code, while standard RESTful interfaces give you the ultimate in flexibility to develop as you see fit.
OpenIDM’s password synchronization is a service that allows organizations to synchronize passwords in real time to ensure uniformity across all applications and data stores such as Active Directory.
With password synchronization, any user, device, or connected thing authenticates using the same credentials on each resource. This, in tandem with the user self-service feature, significantly reduces helpdesk costs and improves the customer experience by automating and speeding password reset and management, and ensures compliance with a secure, centralized password policy that makes it easy for legitimate users to access the resources they want.
Leverage OpenIDM’s workflow and business process engine to create, read, update, and delete functions based on workflow-driven provisioning activities. Even engage workflows for self-service actions such as a user or device requesting access to an application, or an administrator handling bulk onboarding or off-boarding.
To simplify defining workflows and business processes, the embedded Activiti module can be used for modeling, testing, and deployment. Activiti is based on the standard BPMN 2.0 process definition models, which can not only be exchanged between different graphical editors, but can also execute as is on any BPMN 2.0-compliant engine. Organizations can easily custom-define workflows and business processes that meet their unique needs.
In addition to passwords, OpenIDM provides the ability to sync and reconcile other attributes, including role and group data, between connected systems. The OpenIDM connector framework allows provisioning to managed identities maintained by other identity providers. This connector framework provides a consistent coupled layer between resources and applications. These functions are critical to ensure that identity information is clean, consistent, and accurate throughout the connected resources.
A flexible synchronization mechanism that provides for on-demand and scheduled resource comparisons is a key process for audit and compliance reporting. For organizations that provide services to users, devices, and connected things across multiple, disparate systems, streamlining identity management through synchronization and reconciliation services is essential to the identity administration and provisioning lifecycle.
The Common Audit Framework provides a means to log data consistently across the ForgeRock Identity Platform, and enables you to correlate events and transactions. Audit topics, such as access and activity, can be configured independently, delivering the data you want to the appropriate business services.
In addition to the existing handlers for CSV files, JDBC connections, and Syslog, there are now two new handlers available: JMS and Elasticsearch (part of the ELK stack). When auditing is required, easy access to audit logs will take the pressure off IT organizations that need to demonstrate control and show infrastructure activities.
With complete flexibility in data and object schema, the architecture of OpenIDM enables support for traditional on-premises applications as well as for cloud-service-based providers such as Workday, Google Apps, and Salesforce.com.
Whether using the intuitive, out-of-the-box user interface or the comprehensive REST API, it’s easy to configure and capable of providing user provisioning and administration services to cloud providers without complex customization. As more and more services move to the cloud, it is important for organizations to simplify account creation, updating, deleting, and auditing without the cost and overhead of deploying multiple systems.
An open and well-documented access layer provides the user interfaces and public APIs for accessing and managing the ForgeRock Identity Platform, Identity Management repository and all its functions. RESTful interfaces provide APIs for CRUD operations and for invoking synchronization and reconciliation.
As organizations change, it’s critical that their identity infrastructure changes along with them–which is why the open framework for developers is critical. An open framework provides developers with direct access to manage functionality at will.
OpenIDM makes it possible to visualize identity relationships between any user, device, or thing from the management console. Drill down on each node or object for more detailed information about each relationship. Additionally, gain a deeper understanding of managed identities by embedding reports built from the Kibana open source platform right into the management console. Build custom dashboards based on business requirements and easily share reports and dashboards with others.
- User self-service significantly reduces helpdesk costs and increases user productivity by automating password reset and enforcing an auditable centralized password policy
- Streamlines registration and access requests to external sources such as applications, and logs request events for auditing
- Out-of-the-box end user self-service and registration UI that can be easily customized
- Provides workflow-driven provisioning and deprovisioning activities, whether for self-service actions such as requests for access, or for admin actions such as updating entitlements, on/off boarding, bulk sunrise or sunset enrollments, handling approvals with escalations
- Embedded Activiti module that includes many different workflow templates and can be used for modeling, testing, and deployment
- Industry-standard BPMN 2.0 process definition models that can be easily created and edited using any BPMN graphical editor, or executed on any BPMN 2.0-compliant engine
- OpenIDM leverages the new OpenICF 1.4 framework (Open Source Identity Connector Framework) for connector development
- New OpenICF Cloud connectors include a Generic Scripted Connector (allows integration with anything that Groovy supports: REST, SOAP, JDBC, JSON, etc.)
- PowerShell Connector allows you to write and consume PowerShell and PowerShell Cmdlets for simplified integration with Microsoft technologies such as Office 365 and Exchange.