ForgeRock OpenIDM 3.1 Extending the Enterprise with SaaS and Social JIT Provisioning

Webinar: OpenIDM 3.1

DESCRIPTION

Tim Sedlack and Anders Askasen, both Senior Product Managers for OpenIDM, presenting: OpenIDM 3.1: Extending the Enterprise with SaaS and Social JIT Provisioning

Page 1: Webinar: OpenIDM 3.1

ForgeRock OpenIDM 3.1

Extending the Enterprise with SaaS and Social JIT Provisioning

Page 2: Webinar: OpenIDM 3.1

OpenIDM Product Mgmt team

Tim Sedlack, Sr. Product Manager

Anders Askåsen, Sr. Technical Product Manager

Page 3: Webinar: OpenIDM 3.1

Evolution of Identity

[Diagram: the evolution of identity across Employees, Employees & Partners, Consumers and Things. Diagram labels: Perimeter, Federation, Perimeter-less, Cloud / SaaS, Mobility, Attributes, Context, Stateless, Relationships]

Page 4: Webinar: OpenIDM 3.1

What is OpenIDM?

Lightweight provisioning

Next generation modular architecture

Built on resource oriented principles

Highly extensible

Self contained

Page 5: Webinar: OpenIDM 3.1

Manage Internet of Everything

Disruptive IoT capabilities

Mobile Apps

Cloud Apps

Things

Enterprise Apps

Managed Objects allow you to model and manage any type of data object and relation.

Ideal for Identity Administration, but the real game changer is that it extends to IoT devices and things.

Page 6: Webinar: OpenIDM 3.1

Centralized Identity Administration in the Hybrid World

Directories

Databases

Applications

AD, Sun, Oracle, MS SQL, SAP, On-Prem and Cloud based apps

User self service

Dashboard/Reports

Page 7: Webinar: OpenIDM 3.1

Shared Platform Benefits

Single REST framework with consistent set of operations across the stack (CREST)

Single, extensible UI model for all products built on CREST using Backbone and jQuery

Authentication and Authorization filters available to protect the stack and REST end-points

Shared persistence data storage across platform with common logging and event output

Page 8: Webinar: OpenIDM 3.1

OpenIDM: Target Use Cases

■ Embeddable

– Account Management

– Self-Service

■ Extranet / Customers / Partners / Suppliers

– Large scale user management

– Federated provisioning [Bridge]

■ Enterprise

– Sun IDM replacement (for target use cases)

– Internal & External (hybrid enterprise and cloud) environments

Page 9: Webinar: OpenIDM 3.1

Core Use Case Functionality

• Basic CRUD via RESTful API

• Automate (digitize) workflow processes

• Authoritative-source [HR] provisioning

• Password synchronization (AD intercept)

• Synchronize identity data

• Reporting & Compliance

• Self-service and password management

• Profile & entitlement management

Page 10: Webinar: OpenIDM 3.1

Flexible Architecture

“Plug & Play” Architecture

■ All services are designed as standalone modular resources.

■ Use & run only those modular services needed.

■ Examples of Modularity:

– Repository

– Reporting

– BPM / Workflow Engine

– Scripting languages

Embeddable Architecture

■ Tiny footprint and 100% open source for embeddable IDM

■ Out-of-the-box REST interfaces that use standard development tools for all programming languages (e.g. Java, C, Perl, PHP, Ruby, Groovy, etc.)

Page 11: Webinar: OpenIDM 3.1

Simple API & Scripting Model

REST API

■ Manage all core functions using REST

– UI, user admin, sync, reconciliation.

■ Mirrors World Wide Web, and uses HTTP protocol – something ALL developers understand

■ Platform and language independent for enterprise, cloud, social and mobile environments.

JavaScript and Groovy Scripting

■ Super friendly languages for scripting custom rules and business logic.

■ Standard scripting languages attractive to massive number of developers.

■ Scripting approach is agile, lightweight and can be dynamically modified at run-time.

Page 12: Webinar: OpenIDM 3.1

OpenIDM 3.1 Benefits

Optimized to deal with massive scale user populations targeting external facing identity use-cases. (>10M ids)

Enhanced enterprise use-cases with role based provisioning, aggregated view and an administrative user interface.

Rich set of connectors, both traditional on-prem solutions as well as off-prem SaaS solutions with the new CloudConnect Module, making it the perfect hybrid Identity Management solution.

Page 13: Webinar: OpenIDM 3.1

New: CloudConnect

■ Module provides cloud connectors (Google Apps, Salesforce, Office365, etc).

■ Offers easy On-Prem to SaaS synchronization

■ SSO Assertion Generation and Dashboard (Future roadmap)

Page 14: Webinar: OpenIDM 3.1

4 Connector Buckets

Base Connectors, part of OpenIDM Core. Supported by ForgeRock.

Advanced Connectors, individual connectors, licensed separately. Supported by ForgeRock.

CloudConnect – SaaS connectors part of the CloudConnect module. Sold separately or as a bundle. Supported by ForgeRock.

Community connectors – not supported by ForgeRock.

Page 15: Webinar: OpenIDM 3.1

ICF 1.4 new connectors

■ Google apps with v2 API

■ .Net: PowerShell connector

– Supports both PS scripts and cmdlets!

■ Java: Groovy connector (associate a Groovy script for CRUD actions)

■ Groovy connector implementation: ScriptedSQL and ScriptedREST

■ Existing LDAP and AD connectors will be upgraded to 1.4 as well

■ SalesForce.com

Page 16: Webinar: OpenIDM 3.1

Scripted Connectors

■ Scripted Groovy Connector Implementations

– Scripted SQL

– Scripted REST

– Scripted CREST

– Scripted Azure

■ Samples provided!

■ Microsoft Integration – The Scripted PowerShell Connector

■ Samples provided illustrating Active Directory

Page 17: Webinar: OpenIDM 3.1

What’s New?

■ Support for PostgreSQL/EnterpriseDB as repo

■ Provides a data aggregation of all known information about a user, including identity data stored in managed user and provisioned accounts linked to a user

■ Administrative User Interface – Visual Configuration!

– Connector Mgmt (multi-src, multi-target, dynamic UI based on connector JSON)

– Account Admin (including Aggregated View)

– Schedules (recon/sync)

– Product Configuration

– Password Policy

Page 18: Webinar: OpenIDM 3.1

What’s New?

■ Enhanced LDAP connector with Kerberos support *

■ SPML 1.0 support *

■ Single Record Reconciliation

■ “Generic” QueryFilter facility

– Write one query – have it work on any resource.

■ Reconciliation & Sync dashboard

Page 19: Webinar: OpenIDM 3.1

Demonstration

FORGEROCK.COM | LEGAL INFORMATION

Page 20: Webinar: OpenIDM 3.1

Admin UI: Cloud Connector Configuration

■ Connect from Enterprise Source to Cloud based SaaS application

– Example OpenDJ LDAP server -> GoogleApps

– Initial configuration in less than 5 min

– Data sync in less than 10!

Page 21: Webinar: OpenIDM 3.1

Social JIT Provisioning

■ OpenIDM provides support for OpenID authentication filters

■ Allows you to use Social Media IdP e.g. Google+ for login to OpenIDM

■ Harvest attributes from Google+ and JIT provision to backend systems.

■ Allows massive and easy onboarding of users

Page 22: Webinar: OpenIDM 3.1

OpenIDM takeaways

■ Simple to install and configure

– Quick POCs, Rapid ROI

■ Centralizes and synchronizes Identity (and more!)

– Automation eases administration of accounts, resources and more

■ Extensible, Standards based

– Developer friendly, fits unique situations quickly and easily

■ An important part of the ForgeRock stack!

– Plays well with OpenAM, OpenDJ and OpenIG

Page 23: Webinar: OpenIDM 3.1

Where in the world is ForgeRock?

Gartner IAM Summit

December 2 - 4, 2014

Las Vegas, NV

Data Connectors Conference

December 4, 2014

San Francisco, CA

Argyle CIO Leadership Forum

December 10, 2014

New York, NY

Visit forgerock.com for more details

Page 24: Webinar: OpenIDM 3.1

Q & A
