OpenIDM 3.0 - What's New
OpenIDM 3.0 Identity Administration for Users, Devices and Things
Anders Askåsen, Senior Technical Product Manager

Evolution of Identity
[Diagram labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Perimeter Federation; Perimeter-less Federation; Cloud / SaaS; Mobility; Attributes; Context; Stateless; Relationships]

OpenIDM Lightweight provisioning
Next generation modular architecture
Built on resource oriented principles
Highly extensible
Self contained

OpenIDM: Target Use Cases
■ Embeddable
– Account Management
– Self-Service
■ Extranet / Customers / Partners / Suppliers
– Large scale user management
– Federated provisioning [Bridge]
■ Enterprise
– Sun IDM replacement (for target use cases)
– Internal & External (hybrid) environments

Core Use Case Functionality
• Basic CRUD via RESTful API
• Automate (digitize) workflow processes
• Authoritative-source [HR] provisioning
• Password synchronization (AD intercept)
• Synchronize identity data
• Reporting & Compliance
• Self-service and password management
• Profile & entitlement management

Flexible Architecture
“Plug & Play” Architecture
■ All services are designed as standalone modular resources.
■ Use & run only those modular services needed.
■ Examples of Modularity:
– Repository
– Reporting
– BPM / Workflow Engine
– Scripting languages
Embeddable Architecture
■ Tiny footprint and 100% open source for embeddable IDM
■ Out-of-the-box REST interfaces that use standard development tools for all programming languages (e.g. Java, C, Perl, PHP, Ruby, Groovy, etc.)

Simple API & Scripting Model
REST API
■ Manage all core functions using REST – UI, user admin, sync, reconciliation.
■ Mirrors World Wide Web, and uses HTTP protocol – something ALL developers understand
■ Platform and language independent for enterprise, cloud, social and mobile environments.
JavaScript and Groovy Scripting
■ Super friendly languages for scripting custom rules and business logic.
■ Standard scripting languages attractive to massive number of developers.
■ Scripting approach is agile, lightweight and can be dynamically modified at run-time.

OpenIDM 3.0 Highlights
FORGEROCK.COM | LEGAL INFORMATION

OpenIDM 3.0 Key Feature: Role-Based Provisioning
• OpenIDM exposes a new managed object called Managed Role that can be assigned implicitly via business logic or explicitly.
• Allows a consistent assignment and removal of entitlements and resources via a role based approach.

OpenIDM 3.0 Key Feature: Aggregated View (first cut)
• Provides visibility into the "link" tables.
• Aggregates identity information into a single view accessible via an endpoint.
• GET https://localhost:8443/openidm/endpoint/linkedView/managed/user/bjensen

OpenIDM 3.0 Key Feature: Pass-thru Authentication
• Supports pass-through authentication to (nearly) any remote resource.
• When configured, users can log in to the UI with their external credentials.

OpenIDM 3.0 Key Feature: Cloud Integration and Connectors
• New OpenICF Cloud Connectors
– Flexible Scripted Connector
– PowerShell
• New OpenICF 1.4 Framework
– A widened community
– Performance
– Better error handling
– Complex object representation

OpenIDM 3.0 Key Feature: User Interface Enhancements
• Easier to customize the OOTB UI with an expanded folder structure
• Customizations can be made without editing default UI files
• Configuration-based theming options - color values, background image paths, and a few other common styling values.
• Performance enhancements to manage high scale environments.

OpenIDM 3.0 Key Feature: Product Enhancements
• Out of the box Cluster Configuration and High Availability
• Workflow defaults and samples, including:
– User on-boarding/off-boarding
– Password Change Reminders
– Manager-Subordinate Certification
– Manual Matching and Linking
– Orphan Account Detection
– End-user Access Request

OpenIDM 3.0 Key Feature: Scripting enhancements
A lot more power with Groovy as a product-wide scripting language.
A richer ecosystem with prebuilt components. Interoperability with the JVM is seamless within your scripts!
Powerful development environment
Modular component development – maintainable code base, reuse code.
Completely dynamic script loading
Optimize caching
Business Value: Quicker to deploy, Quicker to customize, Easier to work with, Faster.

Q & A