IRM Summit 2014

OpenIDM 3.1Identity Administration

AND MORE

Tim SedlackSr. Product Manager

2IRM Summit 2014

Centralize and Synchronize Identity Data

Directories

Databases

Applications

AD, Sun, Oracle, MS SQL, SAP, On-Prem and Cloud based apps

User self service

Dashboard/Reports

3IRM Summit 2014

Enabling ABAC with OpenIDM■ Access based on attributes requires CLEAN attributes

– Legacy stores, with no process means Identity data is “dirty”

■ Identity attributes are not standardized– Ex: Assign access to all PM materials

– Product Manager = PM, or Senior PM, or Dir of PM (for HR or DBA but NOT SAP)

■ Need: Normalize and centralize identity (and attributes) into an

authoritative store– Consume existing identity data

– Feed it to new (and existing) systems

Digital Transformation

6IRM Summit 2014

■ Integrated Identity Management– Account Management

– Self-Service Registration and Password Reset

■ Extranet / Customers / Partners / Suppliers– Large-scale, Multi-source user management

– Cloud provisioning

■ Enterprise– Sun (and other legacy) IDM replacement

– Internal & External (hybrid) environments

OpenIDM: Target Use Cases

7IRM Summit 2014

■ Version 3.0 – Released July, 2014– Scalable UI for “End Users” – Delivery Guarantees– Role-Based Provisioning– OpenICF 1.4– Improved Authentication System- Pass-through AUTH– Update/Align to common REST

The evolution of OpenIDM

- Overall Scripting environment improvements

- High Availability OOB- Load balanced session- Fail over across session

- Expanded Workflow defaults and samples

8IRM Summit 2014

■ Version 3.1 – (expected) Release Dec, 2014– Performance improvements – new options for faster recon/sync– Flexible/Uniform Query API (Queryfilter)– Administrative UI

■ Simplified Connector Management

■ Account Administration (aggregated view)

■ Schedules (reconciliation/sync)

– PostgreSQL/EntperiseDB repository support– Connectors update

■ LDAP Connector with Kerberos support

■ PowerShell Script and Cmdlets

■ Remote Execution of connectors

The evolution of OpenIDM

• Product configuration

• Password Policy

• New Cloud Connectors

• Google, Azure, Salesforce

• Scripted Groovy SDK

• ScriptedSQL and ScriptedREST

9IRM Summit 2014

Benefits with OpenIDM 3.1

Rapid install and configuration with the new Admin UI Configuration of Resources including connectors, mapping, etc

CloudConnect : New Framework for rapid creation and editing of connectors REST Endpoints for SaaS providers (Google, Azure, Salesforce) Windows Administration framework with PowerShell, LDAP, Kerberos

More scalability options & performance improvements

15IRM Summit 2014

Demonstration■ Installation Procedure

■ Overview of Configuration User Interface

■ Improvements to Account Administration with Aggregated View

■ SaaS connector with live updates SaaSy!

16IRM Summit 2014

OpenIDM takeaways■ Simple to install and configure

– Quick POCs, Rapid ROI

■ Centralizes and synchronizes Identity (and more!)– Automation eases administration of accounts, resources and more

■ Extensible, Standards based– Developer friendly, fits unique situations quickly and easily

■ An important part of the ForgeRock stack!– Plays well with OpenAM, OpenDJ and OpenIG AND MORE

17IRM Summit 2014

Q&A

Almost there….