Introducing the Next Generation, Open Source Identity Management System
Modern enterprises, companies and organizations rely on complex IT environments and battle with constant changes to user access and to the identity data being stored and managed. It is a daunting and time-consuming task. ForgeRock OpenIDM is about having a consistent process for managing identities and their access, while keeping the flexibility to implement changes and lowering cost at the same time.
ForgeRock OpenIDM automates user identity life-cycle management in real time, including the management of user accounts and access privileges in applications, whether local or cloud based. This helps the organization comply with policies and regulatory requirements.
OpenIDM provides a flexible object-based model with underlying storage in an embedded DBMS, optimized to be scalable, lightweight, secure and transactional. There are no strict pre-defined objects and relations. New types of objects, attributes and relations can be introduced almost without limit, making external data management systems unnecessary.
The required implementation period is significantly decreased, and the unit testing of the framework increases the stability of the customized system.
OpenIDM provides the capabilities needed to define and enforce password policies throughout the enterprise, and to intercept and synchronize passwords from Microsoft Active Directory and ForgeRock OpenDJ. It also provides password reset and retrieval functionality.
OpenIDM offers a scalable method of discovering new, changed or deleted accounts on integrated resources, and provides critical information about orphan accounts etc.
Active and Static Synchronization
OpenIDM can detect changes in the state of objects on resources in near real time. This means that a new user created on a resource can trigger an event inside OpenIDM to ensure the user is provisioned correctly with the proper access and entitlements. Typically, this allows enterprises to automatically drive provisioning activities from Human Resource systems or other authoritative sources. Synchronization can also call out to custom Java methods, workflows or rules.
OpenIDM ensures that all activities happening inside OpenIDM are properly logged, and it can provide reports tailored to the specific needs of customers. OpenIDM also provides an Event Publisher, which allows third-party reporting tools to integrate easily with OpenIDM and extract the necessary reports in well-known formats.
OpenIDM leverages the Open Source Identity Connector Framework (OpenICF) providing a rich set of mature connectors to a number of systems such as databases, directories and operating systems. The framework is also easily extended with additional connectors to support custom integrations to third party applications. See the Resource connector table for a list of available connectors.
ForgeRock OpenIDM follows a lightweight principle: it relies on as few components as possible, uses JSON as its model, and exposes functionality and services via a RESTful web API. The internal object model is flexible and can be modeled according to any requirements. Components and services can be added or removed at will, as the entire application is built around modern OSGi principles.
ForgeRock OpenIDM depends on the Java environment more than it depends on the underlying operating system. OpenIDM relies on Java 6, specifically at least the Java Standard Edition 6.0 (Sun version 1.6.0_10) runtime environment.
That said, OpenIDM 2.0 has been validated on the following operating systems.
A minimum of 4 GB of memory is typically required.