This document provides an overview of OpenIDM for beginners. It describes where OpenIDM fits within identity and access management. OpenIDM addresses common identity management use cases like provisioning, deprovisioning, compliance and auditing, and password management. It utilizes connectors to interface with external systems and repositories. Workflow engines like Activiti can be integrated to automate approval processes. The document demonstrates OpenIDM configuration and provides an example of implementing a user provisioning workflow.
2. Objectives
Upon completion of this presentation, you should be able to:
• Describe where OpenIDM fits into the OIS
• Describe the Business Needs for OpenIDM
• Describe IDM Use Cases Addressed by OpenIDM
• Describe OpenIDM Features
9. Provisioning
• Depending on a user's business role and predefined rules, a new user will:
  • Get accounts on backend systems on create
  • Get default group/role membership
• Therefore a central instance is needed which:
  • Connects to all relevant systems
  • Is able to sync user attributes and memberships
  • Can automatically apply rules
• Managers, approving persons and end users need well-defined access to the user's data
11. Passwords
• Passwords can be changed at a central place and distributed to external systems based on flexible rules and password policies
• The provisioning engine needs to detect password changes from an external resource
• User administrators and end users need well-defined access to the user's passwords
• A password reset mechanism is in place
• Passwords which have been reset can be sent to the end user in a secure way
13. Components used in OpenIDM
Java → min. 1.6 update 24; on Windows: Java 7
OSGi → implementation: Felix
Servlet container → implementation: Jetty
Repository → OrientDB, MySQL and others
JSON → structure for configurations
OpenICF → local or remote connector server
Connectors to external systems → e.g. AD, LDAP, file...
Activiti → workflow engine
15. The REST Interface
Representational State Transfer (REST)
Conforming to the REST constraints is generally referred to as being "RESTful"
REST utilizes HTTP methods:
GET
PUT
POST
DELETE
HEAD
16. OpenIDM in action
• Install OpenIDM
• Start with workflow sample
• Get user through reconciliation
• Start
19. Activiti Introduction
A light-weight workflow and Business Process Management Software
BPMN 2 compliant
A process engine for Java applications
It's open-source and distributed under the Apache license
Workflows are deployed as business archives (.bar)
Workflow definitions are in XML format
26. Other OpenIDM Features
Task Scheduling
Cluster OpenIDM for
High availability
Horizontal scalability
OpenIDM command line
Data validation through policies
Managing Passwords
Send emails