ForgeRock OpenIDM 2.1

Introducing the Next Generation, Open Source Identity Management System

Modern enterprises, companies and organizations rely on complex IT environments and battle constant changes to user access and to the identity data being stored and managed, a daunting and time-consuming task. ForgeRock OpenIDM is about providing a consistent process for managing identities and their access, while keeping the flexibility to implement changes and lowering cost.
ForgeRock OpenIDM automates user identity life-cycle management in real time, including the management of user accounts and access privileges in applications, whether local or cloud based. This helps the organization ensure compliance with policies and regulatory requirements.

OpenIDM is a fully Open Source community project, built around a modern OSGi-based architecture with a RESTful API that integrates well with modern as well as legacy technologies. OpenIDM is designed to be flexible, allowing customers to tailor the solution to their business needs and requirements using hooks where custom Java methods, JavaScript or workflows can be invoked. OpenIDM aims to be developer-friendly, lightweight, modular and easy to install, yet cover all enterprise needs.

Key Capabilities

Information Storage and Extendable Data Model

OpenIDM provides a flexible object-based model with underlying storage in an embedded DBMS, optimized to be scalable, lightweight, secure and transactional. There are no strict pre-defined objects and relations. New types of objects, attributes and relations can be introduced almost without limit, making external data management systems unnecessary.

Embeddable Architecture

The embeddable architecture significantly decreases the required implementation period, and the unit testing of the framework increases the stability of the customized system.

Password management

OpenIDM provides the necessary capabilities to define and enforce password policies throughout the enterprise, to intercept and synchronize passwords from Microsoft Active Directory and ForgeRock OpenDJ, and to provide password reset and retrieval functionality.

Account Discovery and Reconciliation

OpenIDM offers a scalable method of discovering new, changed or deleted accounts on integrated resources, and provides critical information about orphan accounts and similar conditions.

Active and Static Synchronization

OpenIDM can detect changes in the state of objects on resources in near real time. This means that a new user created on a resource can trigger an event inside OpenIDM to ensure the user is provisioned correctly with the proper access and entitlements. Typically this allows enterprises to automatically drive provisioning activities from Human Resource systems or other authoritative sources. Synchronization can also call out to custom Java methods, workflows or rules.

Flexible Rules with JavaScript

OpenIDM allows powerful rules to be created using JavaScript. This makes it easy to map and transform identity data as it flows through OpenIDM to the integrated end resources and vice versa.

Audit and Reporting

OpenIDM logs all activities happening inside OpenIDM and can provide reports distilled to the specific needs of customers. OpenIDM also provides an Event Publisher, which allows third-party reporting tools to integrate easily with OpenIDM and extract the necessary reports in well-known formats.

Workflow and Business Processes

Every action inside OpenIDM is tied to an event, which can trigger custom actions, whether they are call-outs to Java methods, JavaScript or workflows. A full-blown BPMN 2.0 workflow engine is embedded in OpenIDM.

Resource Connectors

OpenIDM leverages the Open Source Identity Connector Framework (OpenICF), which provides a rich set of mature connectors to a number of systems such as databases, directories and operating systems. The framework is also easily extended with additional connectors to support custom integrations with third-party applications. See the Resource connector table for a list of available connectors.


ForgeRock OpenIDM follows a lightweight principle, relying on as few components as possible, using JSON as its model and exposing functionality and services via a RESTful web API. The internal object model is flexible and can be modeled according to any requirements. Components and services can be added or removed at will, as the entire application is built around modern OSGi principles.

System Requirements

ForgeRock OpenIDM depends on the Java environment more than it depends on the underlying operating system. OpenIDM relies on Java 6, specifically at least the Java Standard Edition 6.0 (Sun version 1.6.0_10) runtime environment.

That said, OpenIDM 2.0 has been validated on the following operating systems.

A minimum of 4 GB memory is typically required.