Tim Sedlack and Anders Askasen, both Senior Product Managers for OpenIDM, presenting: OpenIDM 3.1: Extending the Enterprise with SaaS and Social JIT Provisioning
4. What is OpenIDM?
• Lightweight provisioning
• Next generation modular architecture
• Built on resource oriented principles
• Highly extensible
• Self contained
5. Manage Internet of Everything
Disruptive IoT capabilities
[Diagram labels: Mobile Apps, Cloud Apps, Things, Enterprise Apps]
• Managed Objects allow you to model and manage any type of data object and relation.
• Ideal for Identity Administration, but the real game changer is that it extends to IoT devices and things.
6. Centralized Identity Administration in the Hybrid World
[Diagram labels: Directories, Databases, Applications: AD, Sun, Oracle, MS SQL, SAP, On-Prem and Cloud based apps; User self service; Dashboard/Reports]
7. Shared Platform Benefits
• Single REST framework with a consistent set of operations across the stack (CREST)
• Single, extensible UI model for all products built on CREST using Backbone and jQuery
• Authentication and Authorization filters available to protect the stack and REST end-points
• Shared persistence data storage across the platform with common logging and event output
8. OpenIDM: Target Use Cases
• Embeddable
• Account Management
• Self-Service
• Extranet / Customers / Partners / Suppliers
• Large scale user management
• Federated provisioning [Bridge]
• Enterprise
• Sun IDM replacement (for target use cases)
• Internal & External (hybrid enterprise and cloud) environments
9. Core Use Case Functionality
• Basic CRUD via RESTful API
• Automate (digitize) workflow processes
• Authoritative-source [HR] provisioning
• Password synchronization (AD intercept)
• Synchronize identity data
• Reporting & Compliance
• Self-service and password management
• Profile & entitlement management
10. Flexible Architecture
"Plug & Play" Architecture
• All services are designed as standalone modular resources.
• Use & run only those modular services needed.
• Examples of Modularity:
  • Repository
  • Reporting
  • BPM / Workflow Engine
  • Scripting languages
Embeddable Architecture
• Tiny footprint and 100% open source for embeddable IDM
• Out-of-the-box REST interfaces that use standard development tools for all programming languages (e.g. Java, C, Perl, PHP, Ruby, Groovy, etc.)
11. Simple API & Scripting Model
REST API
• Manage all core functions using REST: UI, user admin, sync, reconciliation.
• Mirrors the World Wide Web and uses the HTTP protocol, something ALL developers understand.
• Platform and language independent for enterprise, cloud, social and mobile environments.
JavaScript and Groovy Scripting
• Super friendly languages for scripting custom rules and business logic.
• Standard scripting languages attractive to a massive number of developers.
• Scripting approach is agile, lightweight and can be dynamically modified at run-time.
12. OpenIDM 3.1 Benefits
• Optimized to deal with massive scale user populations targeting external facing identity use-cases (>10M ids).
• Enhanced enterprise use-cases with role based provisioning, aggregated view and an administrative user interface.
• Rich set of connectors, both traditional on-prem solutions as well as off-prem SaaS solutions with the new CloudConnect Module, making it the perfect hybrid Identity Management solution.
14. 4 Connector Buckets
• Base Connectors: part of OpenIDM Core. Supported by ForgeRock.
• Advanced Connectors: individual connectors, licensed separately. Supported by ForgeRock.
• CloudConnect: SaaS connectors, part of the CloudConnect module. Sold separately or as a bundle. Supported by ForgeRock.
• Community connectors: not supported by ForgeRock.
15. ICF 1.4 new connectors
• Google Apps with v2 API
• .Net: PowerShell connector
  • Supports both PS scripts and cmdlets!
• Java: Groovy connector (associate a Groovy script for CRUD actions)
  • Groovy connector implementation: ScriptedSQL and ScriptedREST
• Existing LDAP and AD connectors will be upgraded to 1.4 as well
• SalesForce.com
17. What's New?
• Support for PostgreSQL/EnterpriseDB as repo
• Provides a data aggregation of all known information about a user, including identity data stored in managed user and provisioned accounts linked to a user
• Administrative User Interface: Visual Configuration!
• Connector Mgmt (multi-src, multi-target, dynamic UI based on connector JSON)
• Account Admin (including Aggregated View)
• Schedules (recon/sync)
• Product Configuration
• Password Policy
18. What's New?
• Enhanced LDAP connector with Kerberos support *
• SPML 1.0 support *
• Single Record Reconciliation
• "Generic" QueryFilter facility
  • Write one query, have it work on any resource.
• Reconciliation & Sync dashboard
20. Admin UI: Cloud Connector Configuration
• Connect from Enterprise Source to Cloud based SaaS application
• Example: OpenDJ LDAP server -> GoogleApps
• Initial configuration in less than 5 min
• Data sync in less than 10!
21. Social JIT Provisioning
• OpenIDM provides support for OpenID authentication filters
• Allows you to use a Social Media IdP, e.g. Google+, for login to OpenIDM
• Harvest attributes from Google+ and JIT provision to backend systems.
• Allows massive and easy onboarding of users
22. OpenIDM takeaways
• Simple to install and configure
• Quick POCs, Rapid ROI
• Centralizes and synchronizes Identity (and more!)
• Automation eases administration of accounts, resources and more
• Extensible, Standards based
• Developer friendly, fits unique situations quickly and easily
• An important part of the ForgeRock stack!
• Plays well with OpenAM, OpenDJ and OpenIG
23. Where in the world is ForgeRock?
• Gartner IAM Summit: December 2 - 4, 2014, Las Vegas, NV
• Data Connectors Conference: December 4, 2014, San Francisco, CA
• Argyle CIO Leadership Forum: December 10, 2014, New York, NY
Visit forgerock.com for more details