WHITEPAPER OpenIDM. Identity lifecycle management for users, devices, & things


Introduction

Organizations of all sizes employ a variety of approaches to manage identity administration and provisioning through the identity lifecycle. Traditionally, organizations only dealt with this process from the inside. Now, however, they face the harsh reality of managing external users and identities, as these users look to engage with the organization. The number of external identities will quickly outnumber the internal ones, which leads to this dilemma: is the infrastructure currently used to administer internal identities capable of the large scale and the special interactions required for external, identity-based registration and maintenance?

To meet the need, organizations must look at their identity administration and provisioning lifecycle differently than they have in the past. Most consider identities to be people, but as devices and things become more intelligent, they also require identities. For an organization, identity is no longer just a user and their computer; it is now a customer with many devices, or things such as a thermostat managed through cloud services, traffic lights, citizen warning systems, cars: literally anything that is connected will need to be administered and provisioned. This variety and potential veracity of registration needs will complicate administration and provisioning, as new devices, things, and services put significant pressure on current infrastructures to scale beyond current levels. Taking an identity-centric approach to engagement removes barriers to entry and improves how the organization interacts with customers and how customers interact with the organization. Organizations will soon need to consider their current identity posture and plan for the future.

Careful consideration needs to be given to infrastructure scale, to the identity administration and provisioning lifecycle, and to the level of engagement required to fulfill business needs. If all three are accounted for properly, organizations can gain a considerable business advantage over their competitors.

OpenIDM Overview

OpenIDM is an identity administration and provisioning solution focused on managing relationships across users, devices and things, designed in response to the pain organizations suffer when deploying legacy enterprise provisioning solutions. These mostly proprietary solutions are monolithic, heavyweight, painfully slow to deploy, and outrageously expensive; furthermore, they are not prepared for today's organizational needs, such as connecting to cloud infrastructure and internet-connected devices and things. Unlike legacy identity management solutions, OpenIDM is the only 100% commercial open source, lightweight provisioning solution purpose-built for internet scale. OpenIDM is built on modular, plug-and-play identity services, so you consume only what you need. In addition, OpenIDM has a simple REST API that is ideal for anyone who needs provisioning across enterprise, cloud, social, and mobile environments.

"When it comes to identity management, legacy systems were not built with the modern world in mind. They were built for on-premises employees using a company-provided computer. As times have shifted to a multi-device-owning, always-connected mobile workforce, the complexity, cost, and potential for vendor lock-in of these legacy solutions has become increasingly apparent." ESG Lab Validation: ForgeRock Identity Platform

OpenIDM utilizes a Java-based architecture built on the OSGi framework. OpenIDM (see Diagram 1: OpenIDM Functional Architecture) provides lightweight, modular services such as automated workflow, user self-service, registration, password sync, data reconciliation, and audit logging, all accessible through developer-friendly REST APIs and usable with standard Java development tools such as Eclipse, NetBeans, Spring, etc. OpenIDM provides multi-layered provisioning activities through an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. The modular design of OpenIDM gives you complete flexibility to use the embedded workflow engine and database, or to replace these technologies with your own platforms and services.

OpenIDM's design has a small footprint. In fact, the entire OpenIDM service can itself be completely embedded and custom-tooled to the requirements of the target applications or services. OpenIDM connects to all your identity sources: external systems, databases, directory servers, and other sources of identity, through the identity connector framework, OpenICF (ForgeRock Identity Connector Framework).

Historically, the reason for building an internal enterprise user administration and provisioning system was to connect to the HR system. Now, with OpenIDM, organizations can support both internal employee systems and large-scale customer-facing applications for registration, user self-service, password reset, and user profile management. The object model is designed to support whichever method the organization chooses to manage identity information for users, groups, devices, and things. The options are to configure OpenIDM to create a virtual identity with links to external systems (the data sparse model) or to create a metadirectory that centrally stores a copy of identity attributes, including virtual links to other external systems (the data full model).

Diagram 1: OpenIDM Functional Architecture. Layers, top to bottom: UI Layer (ForgeRock UI Framework); Access Layer (Common REST); Business Logic Layer (JavaScript, Groovy, Java); Services Layer (Provisioning Services, Password Management, Policy Service, Report & Audit Service, Directory Service, Task Scanner, OpenIDM Repository, Synchronization & Reconciliation, Workflow Engine); External Resources Layer.

OpenIDM Key Features

Password Synchronization for Enforcing a Secure, Centralized Password Policy: OpenIDM password synchronization is a service that lets organizations synchronize passwords in real time to ensure uniformity across all applications and data stores, such as Active Directory. With password synchronization, any user, device, or connected thing authenticates using the same credentials on each synched resource. This, in tandem with the user self-service feature, significantly reduces helpdesk costs and improves the customer experience by automating and speeding up password reset, and by establishing a secure, centralized password policy that makes it easy for legitimate users to access the resources they want.

Provisioning Based on Custom-Tailored Workflows: OpenIDM provides a workflow engine and business process engine that support create, update, and delete functions through workflow-driven provisioning activities. This can be for self-service actions, such as a user or device requesting access to an application, or for an administrator handling bulk onboarding or off-boarding. To simplify defining workflows and business processes, the embedded Activiti module can be used for modeling, testing, and deployment. Activiti supports BPMN 2.0 process definition models, which can not only be exchanged between different graphical editors but can also be executed as is on any BPMN 2.0-compliant engine. Organizations can easily define custom workflows and business processes that meet their unique needs.

Synchronization & Reconciliation Simplifying the Identity Administration and Provisioning Lifecycle: In addition to passwords, OpenIDM can sync and reconcile other attributes, including role and group data, between connected systems. Leveraging OpenICF allows provisioning software such as OpenIDM to manage identities maintained by a specific identity provider. This connector framework provides a consistent layer between target resources and applications, and exposes a set of programming functions covering the full lifecycle of an identity. These functions are critical to ensuring that identity information is clean, consistent, and accurate throughout the organization. OpenIDM has a flexible synchronization mechanism that provides for on-demand and scheduled resource comparisons, which is a key process for audit and compliance reporting. For organizations that provide services to users, devices, and connected things across multiple, disparate systems, streamlining identity management through synchronization and reconciliation services is essential to the identity administration and provisioning lifecycle.

"Initially, we considered traditional, closed source enterprise IAM vendors to help us drive our vision forward, but it quickly became evident that they would not be able to offer a solution that would be able to integrate or scale as quickly as we needed." GREG KALINSKY, Senior Vice President and Chief Information Officer, GEICO

Audit Logging to Show Infrastructure Activities: OpenIDM auditing can log and publish all relevant system activity to connected systems. This includes auditing the data from the reconciliation process, access details, and detailed activity logs that capture operations within both OpenIDM and connected systems. Audit data can be generated for all relevant reports, including orphan account reports, by running a report query or by downloading to other reporting tools. When auditing is required, easy access to audit logs takes the pressure off IT organizations that need to show infrastructure activities.

Connection to the Cloud Without Complex Customization: With complete flexibility in data and object schema, the OpenIDM architecture supports both traditional on-premises applications and cloud service providers such as Workday, Google Apps, and Salesforce.com. Whether using the intuitive user interface or the REST API, OpenIDM is easy to configure straight out of the box and can provide user provisioning and administration services to cloud providers without complex customization. As more and more services move to the cloud, it is important for organizations to simplify account creation, updating, deletion, and auditing without the cost and overhead of deploying multiple systems.
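The reconciliation and orphan-account reporting described in the Synchronization & Reconciliation and Audit Logging sections above, as an added illustration written for this page (not OpenIDM's own code): a source system is compared against a target system through a link table, each source object is classified into a situation with a proposed action, and target accounts that no source owns are flagged for the orphan report. The records, the link table and the situation labels are constructed for the example.

```javascript
// Added illustration, not OpenIDM code: a minimal reconciliation pass.
// Records, link table and situation labels are constructed for this example.

// Constructed source records (think an HR feed), keyed by a stable source id.
const SOURCE = [
  { id: "h1001", uid: "alice", active: true,  roles: ["staff", "finance"] },
  { id: "h1002", uid: "bob",   active: true,  roles: ["staff"] },
  { id: "h1003", uid: "carol", active: false, roles: [] }, // left the organization
];

// Constructed target accounts (think a directory), keyed by target id.
const TARGET = [
  { id: "uid=alice,ou=people",   uid: "alice",   roles: ["staff"] },
  { id: "uid=bob,ou=people",     uid: "bob",     roles: ["staff"] },
  { id: "uid=carol,ou=people",   uid: "carol",   roles: ["staff"] },
  { id: "uid=mallory,ou=people", uid: "mallory", roles: ["admin"] }, // no source owner
];

// Constructed link table: source ids already known to map to target ids.
const LINKS = [
  { sourceId: "h1001", targetId: "uid=alice,ou=people" },
  { sourceId: "h1003", targetId: "uid=carol,ou=people" },
];

const sameRoles = (a, b) => JSON.stringify([...a].sort()) === JSON.stringify([...b].sort());

// Classify every source object, then every target object nobody claimed.
function reconcile(source, target, links) {
  const targetById = new Map(target.map((t) => [t.id, t]));
  const linkBySource = new Map(links.map((l) => [l.sourceId, l.targetId]));
  const claimed = new Set(links.map((l) => l.targetId));
  const results = [];
  for (const s of source) {
    const linkedId = linkBySource.get(s.id);
    if (linkedId !== undefined) {
      const t = targetById.get(linkedId);
      if (!t) results.push({ sourceId: s.id, situation: "MISSING", action: "CREATE" });
      else if (!s.active) results.push({ sourceId: s.id, targetId: t.id, situation: "UNQUALIFIED", action: "DELETE" });
      else results.push({ sourceId: s.id, targetId: t.id, situation: "CONFIRMED",
                          action: sameRoles(s.roles, t.roles) ? "IGNORE" : "UPDATE" }); // attribute drift
      continue;
    }
    // No link yet: correlate by uid among targets nobody else has claimed.
    const match = target.find((t) => t.uid === s.uid && !claimed.has(t.id));
    if (match) { claimed.add(match.id); results.push({ sourceId: s.id, targetId: match.id, situation: "FOUND", action: "LINK" }); }
    else if (s.active) results.push({ sourceId: s.id, situation: "ABSENT", action: "CREATE" });
    else results.push({ sourceId: s.id, situation: "UNQUALIFIED", action: "IGNORE" });
  }
  // Targets with neither a link nor a correlated source are orphans.
  for (const t of target) {
    if (!claimed.has(t.id)) results.push({ targetId: t.id, situation: "UNASSIGNED", action: "REPORT" });
  }
  return results;
}

// The orphan-account report, derived from the reconciliation results.
function orphanReport(results) {
  return results.filter((r) => r.situation === "UNASSIGNED").map((r) => r.targetId);
}

console.log(reconcile(SOURCE, TARGET, LINKS));
console.log("orphans:", orphanReport(reconcile(SOURCE, TARGET, LINKS)));
```

Each result record is the kind of entry an audit log captures for a reconciliation run; the orphan list is what a compliance reviewer would ask for first.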

Flexible Developer Access for Unparalleled Customization: An open and well-documented access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and all its functions. RESTful interfaces provide APIs for CRUD operations and for invoking synchronization and reconciliation. Our pluggable server-side scripting engine provides interfaces to both JavaScript and Groovy out of the box. User interfaces provide password management, registration, self-service, and workflow services. As organizations change, it's critical that their identity infrastructure changes along with them, which is why the open framework for developers is critical. An open framework gives developers direct access to manage the OpenIDM repository and its functions at will.

Conclusion

With ForgeRock OpenIDM, organizations can grow the business by connecting digital identities to new services while managing the complete identity lifecycle. End users, as they move from device to device, will enjoy a seamless experience on any digital channel, from Internet-connected things to traditional enterprise applications. ForgeRock's OpenIDM is the only 100% commercial open source provisioning solution that is also prepared for high-scale and high-volume demands. By providing enterprise features at internet scale, ForgeRock OpenIDM delivers an environment customized to fit the organization's needs and requirements, including role-based provisioning, high availability out of the box, workflow synchronization (with delivery guarantees), customizable user interfaces, end user self-service, and password management. For more information visit https://www.forgerock.com/en-us/products/identity-management/ and https://forgerock.org/openidm/.

About ForgeRock

The ForgeRock Identity Platform transforms the way millions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Bristol, Grenoble, Oslo, Singapore, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For more information and free downloads, visit http://www.forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock. ForgeRock is the trademark of ForgeRock Inc. or its subsidiaries in the U.S. and in other countries.