ZKI AK Verzeichnisdienste WÜ

1 ZKI AK Verzeichnisdienste WÜ - Anders Askåsen, Product Manager for OpenIDM

2 ForgeRock: Founded in October 2009; ~80 employees worldwide; headquartered in San Francisco, rooted in Norway; subsidiaries in US, UK, Norway, New Zealand & France; development centers in US, UK & France; marquee investor: Accel Partners; marquee advisors: McNealy / Gosling

4 The classics of IdM? Life cycle management of Identities - Joiners/Movers/Leavers; Onboarding/Offboarding and dealing with their physical and digital access and entitlements - Provisioning and de-provisioning to systems; Keeping track of who did what, why and when? - Reporting and Auditing

5 Product scope & vision Life Cycle Management Regulatory compliance Reporting OSGI JSON Workflow REST BPMN2 JavaScript SCIM & SPML Audit & compliancy Identities Accounts Roles & Groups Other objects Hierarchy & Inheritance Organizations Policies & Rules Enterprise provisioning OpenIDM OpenAM Password synchronization Self-Service Approvals Certification Auditing Account Discovery & Reconciliation et cetera OpenICF Framework Open Standards Support for .NET & Java

6 Governing Principles: Lightweight - JSON, small footprint, few dependencies. Developer friendly - Consistent APIs, favored components. Modular - OSGi; use and run only services needed. Dynamic! Flexible - Plenty of extension points and integration capabilities.

7 Let's go in depth: External Services, OSGi, Core Services

8 Technical Capabilities: Installation, Integration, Discovery Engine, Synchronization, Password Management, Business Rules and Workflow, Auditing and Reporting, Self-Service (Anonymous) self-registration

9 Installation One ZIP file with everything needed included! To install, just unzip. Small footprint

10 Integration for CRUD: OpenICF connectors; Push/Pull via REST; Active Directory (.net), Database Table (db), Scripted SQL (db), DB2 (db), CA Unidesk (groupware), XML File (file), CSV File (file), Tivoli Access Manager (sso), MySQL (db), Oracle (db), MS SQL (db), LDAP (ldap), Exchange (.net), SPMLv2 (Webservices), RACF (mainframe), Web TimeSheet (cloud), Google Apps (cloud), Solaris (os), VMS (os), Oracle ERP (erp), SalesForce.COM (cloud)

11 Discovery Engine, Reconciliation: User: John Doe (Managed Object); DB: jd1234; AD: cn=john.doe,ou=people,o=corp; Unix: jdoe; CSV File: John;Doe; - Correlation and linking - Account Status and Ownership - Per account actions/tasks/workflow - Data cleansing - Run tasks/rules on hooks

12 Discovery Engine, Synchronization: User: John Doe (Managed Object); DB: jd1234; AD: cn=john.doe,ou=people,o=corp; Unix: jdoe; CSV File: John;Doe; - System to OpenIDM - System to System - Data transformations - Run tasks/rules on hooks

13 Password Management: Synchronize passwords to integrated resources. Intercept password changes natively on OpenDJ and Active Directory via plug-ins. Supports password changes and resets according to password policy. Password resets using challenge questions. Self-Service Password management.

14 Business Logic and Rules: Defined using JavaScript. Invoke BPMN workflow everywhere! Hooks throughout the product - oncreate, onupdate, ondelete - Triggers and on situations - Scheduled and deferred tasks

15 Business Processes: Full-blown BPMN 2.0 workflow engine. Embedded as OSGi bundle. Approvals, Notifications, Escalations, Delegations, Manual actions. Can be invoked on Hooks, scheduled, deferred or by triggers. Interact externally via REST.

16 Workflow Tooling: Process Modeller - Web based, Drag n Drop, For Analysts. Process Designer - Eclipse Plugin, Drag n Drop, For Developers.

17 Auditing & Reporting: OpenIDM collects audit and logging data everywhere. Fully configurable what/when/where to collect. Exposes or pushes data. Ideal to integrate with 3rd-party reporting tools. Easily integrates with e.g. Jasper, Pentaho, Crystal Reports.

18 Outbound Services: Outbound Integration - Notifications - REST calls. Information can be routed to any type of store (CSV, RDBMS, web services etc). Reporting Engines and Business Intelligence solutions can provide reports; OpenIDM provides the data. Fully configurable format on what to publish and when.

19 Task Scanner: Scans for deferred tasks or objects with sunset/sunrise dates associated. Highly scalable. Clusterable for High-Availability and scale.

20 Typical Use-Cases: HR (or authoritative source) driven provisioning; Orphan accounts report (using external reporting engine) and cleansing; Password Synchronization; Synchronize identity data between resources; Basic CRUD via RESTful API for custom UIs; Self-service provisioning and password management

21 Campus Subscription: Introducing University Campus Subscription. Subscription not tied to the number of students. SLA: - 24/7, 2 or 4 hours response - 8x5 NBD

22 Questions & Answers Q & A

23 Securing your University. Thank You! http://openidm.forgerock.org