Tim Sedlack and Anders Askasen, both Senior Product Managers for OpenIDM, presenting: OpenIDM 3.1: Extending the Enterprise with SaaS and Social JIT Provisioning
ForgeRock OpenIDM 3.1
Extending the Enterprise with SaaS and Social JIT Provisioning
2
OpenIDM Product Mgmt team
Tim Sedlack, Sr. Product Manager
Anders Askåsen, Sr. Technical Product Manager
3
Evolution of Identity
[Figure: Evolution of Identity. Labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Federation; Perimeter-less; Cloud / SaaS; Mobility; Attributes; Context; Stateless; Relationships]
4
What is OpenIDM?
■ Lightweight provisioning
■ Next generation modular architecture
■ Built on resource oriented principles
■ Highly extensible
■ Self contained
5
Manage Internet of Everything
Disruptive IoT capabilities
[Figure labels: Mobile Apps; Cloud Apps; Things; Enterprise Apps]
Managed Objects allow you to model and manage any type of data object and relation.
Ideal for identity administration, but the real game changer is that it extends to IoT devices and things.
6
Centralized Identity Administration in the Hybrid World
[Figure labels: Directories, Databases, Applications (AD, Sun, Oracle, MS SQL, SAP, on-prem and cloud-based apps); User self service; Dashboard/Reports]
7
Shared Platform Benefits
■ Single REST framework with consistent set of operations across the stack (CREST)
■ Single, extensible UI model for all products built on CREST using Backbone and jQuery
■ Authentication and Authorization filters available to protect the stack and REST end-points
■ Shared persistence data storage across platform with common logging and event output
8
OpenIDM: Target Use Cases
■ Embeddable
– Account Management
– Self-Service
■ Extranet / Customers / Partners / Suppliers
– Large scale user management
– Federated provisioning [Bridge]
■ Enterprise
– Sun IDM replacement (for target use cases)
– Internal & External (hybrid enterprise and cloud) environments
9
Core Use Case Functionality
• Basic CRUD via RESTful API
• Automate (digitize) workflow processes
• Authoritative-source [HR] provisioning
• Password synchronization (AD intercept)
• Synchronize identity data
• Reporting & Compliance
• Self-service and password management
• Profile & entitlement management
10
Flexible Architecture
“Plug & Play” Architecture
■ All services are designed as standalone modular resources.
■ Use & run only those modular services needed.
■ Examples of Modularity:
– Repository
– Reporting
– BPM / Workflow Engine
– Scripting languages
Embeddable Architecture
■ Tiny footprint and 100% open source for embeddable IDM
■ Out-of-the-box REST interfaces that use standard development tools for all programming languages (e.g. Java, C, Perl, PHP, Ruby, Groovy, etc.)
11
Simple API & Scripting Model
REST API
■ Manage all core functions using REST
– UI, user admin, sync, reconciliation.
■ Mirrors World Wide Web, and uses HTTP protocol – something ALL developers understand
■ Platform and language independent for enterprise, cloud, social and mobile environments.
JavaScript and Groovy Scripting
■ Super friendly languages for scripting custom rules and business logic.
■ Standard scripting languages attractive to massive number of developers.
■ Scripting approach is agile, lightweight and can be dynamically modified at run-time.
12
OpenIDM 3.1 Benefits
■ Optimized to deal with massive scale user populations targeting external facing identity use-cases. (>10M ids)
■ Enhanced enterprise use-cases with role based provisioning, aggregated view and an administrative user interface.
■ Rich set of connectors, both traditional on-prem solutions as well as off-prem SaaS solutions with the new CloudConnect Module making it the perfect hybrid Identity Management solution.
13
New: CloudConnect
■ Module provides cloud connectors (Google Apps, Salesforce, Office365, etc).
■ Offers easy On-Prem to SaaS synchronization
■ SSO Assertion Generation and Dashboard (Future roadmap)
14
4 Connector Buckets
■ Base Connectors – part of OpenIDM Core. Supported by ForgeRock.
■ Advanced Connectors – individual connectors, licensed separately. Supported by ForgeRock.
■ CloudConnect – SaaS connectors, part of the CloudConnect module. Sold separately or as a bundle. Supported by ForgeRock.
■ Community connectors – not supported by ForgeRock.
15
ICF 1.4 new connectors
■ Google Apps with v2 API
■ .Net: PowerShell connector
– Supports both PS scripts and cmdlets!
■ Java: Groovy connector (associate a Groovy script for CRUD actions)
■ Groovy connector implementation: ScriptedSQL and ScriptedREST
■ Existing LDAP and AD connectors will be upgraded to 1.4 as well
■ SalesForce.com
16
Scripted Connectors
■ Scripted Groovy Connector Implementations
– Scripted SQL
– Scripted REST
– Scripted CREST
– Scripted Azure
■ Samples provided!
■ Microsoft Integration – The Scripted PowerShell Connector
■ Samples provided illustrating Active Directory
17
What’s New?
■ Support for PostgreSQL/EnterpriseDB as repo
■ Provides a data aggregation of all known information about a user, including identity data stored in managed user and provisioned accounts linked to a user
■ Administrative User Interface – Visual Configuration!
– Connector Mgmt (multi-src, multi-target, dynamic UI based on connector JSON)
– Account Admin (including Aggregated View)
– Schedules (recon/sync)
– Product Configuration
– Password Policy
18
What’s New?
■ Enhanced LDAP connector with Kerberos support *
■ SPML 1.0 support *
■ Single Record Reconciliation
■ “Generic” QueryFilter facility
– Write one query – have it work on any resource.
■ Reconciliation & Sync dashboard
19
Demonstration
FORGEROCK.COM | LEGAL INFORMATION
20
Admin UI: Cloud Connector Configuration
■ Connect from Enterprise Source to Cloud based SaaS application
– Example: OpenDJ LDAP server -> GoogleApps
– Initial configuration in less than 5 min
– Data sync in less than 10!
21
Social JIT Provisioning
■ OpenIDM provides support for OpenID authentication filters
■ Allows you to use Social Media IdP e.g. Google+ for login to OpenIDM
■ Harvest attributes from Google+ and JIT provision to backend systems.
■ Allows massive and easy onboarding of users
22
OpenIDM takeaways
■ Simple to install and configure
– Quick POCs, Rapid ROI
■ Centralizes and synchronizes Identity (and more!)
– Automation eases administration of accounts, resources and more
■ Extensible, Standards based
– Developer friendly, fits unique situations quickly and easily
■ An important part of the ForgeRock stack!
– Plays well with OpenAM, OpenDJ and OpenIG
23
Where in the world is ForgeRock?
Gartner IAM Summit
December 2 - 4, 2014
Las Vegas, NV
Data Connectors Conference
December 4, 2014
San Francisco, CA
Argyle CIO Leadership Forum
December 10, 2014
New York, NY
Visit forgerock.com for more details
24
Q & A