Provisioning

The OpenIAM Identity Manager provides a flexible provisioning and de-provisioning solution that enables the following functionality:

  • Provisioning and de-provisioning of accounts based on rules or job roles
  • Maintain detailed audit information
  • Incrementally provisioning account entitlements after an account has been created
  • Updating the account with new policies based on changes in the business, job codes, and other requirements

 

The provisioning module consists of  the following modules:

  • Process engine with a graphical designer
  • Provisioning services
  • Audit Logging
  • Reports

Connectors

OpenIAM is continually expanding its list of supported connectors.  Currently the following connectors are available:

  • LDAP
  • Active Directory
  • Google Apps
  • Exchange
  • Databases (Oracle, MYSQL, SQLSERVER)
  • Script Connector
  • Application Tables
  • Powershell Connectors

Request – Approval

While provisioning processes may be triggered through a variety of applications, such as an HR system, the OpenIAM Identity Manager provides a number of customizable forms in the self-service application to address common tasks.  These include:

  • New Hire
  • Requests for Access
  • Termination
  • Changes in Department, Supervisor, etc.

These forms are usually used within an approval process.  Upon approval, the identities and relevant entitlement information will be provisioned into the target system.

Custom Workflow

While OpenIAM allows you to quickly configure common approval workflows, the process engine allows you to define processes that are unique to each organization.  These processes can be designed using the graphical processor designer that runs as a plug-in to the Eclipse IDE.  Unlike some solutions, which provide a proprietary home-grown “identity workflow” designer, OpenIAM supports a full featured workflow engine. This allows OpenIAM to have greater flexibility in the type of processes that can be created and the systems that it can be integrated with.  To simplify the integration effort, OpenIAM includes several processes that can be viewed as a template to further enable rapid customization.  These processes include:

  • New Hire
  • Self Registration
  • Request access with single approval workflow
  • Request access with multi-step approval
  • Approval with escalation
  • Correction workflows for attestation

Synchronization

The synchronization functionality allows you to synchronize data from one or more authoritative sources to a set of managed systems. OpenIAM supports synchronization based on:

  • Events: Event based synchronization allows real time synchronization since the source system will place a message on the Identity Manager Bus to triggers synchronization
  • Scheduled Intervals: The time interval in which synchronization should occur can be configured. The interval may be as short as 1 min, enabling near real time synchronization, or at larger intervals.

When a new employee is added to the HR system, the synchronization process is triggered to detect this new record and initiate the synchronization process.  During the process, it can be configured to look at a number of factors such as job code to determine which applications they should have access to.

Reconciliation

Where synchronization is used to detect changes in the source system, Reconciliation is used to detect changes in the managed systems.  For example, if Active Directory is one of the managed systems, then changes made directly on Active Directory can be detected and then synchronized back into OpenIAM and the systems that it manages based on the rules that are in place.

Recent Posts
Cortlandt Manor, NY: OpenIAM announces version 3.5 of the Identity and Access Governance solution. The new release improves upon the previous version by offering better performance and scalability, improved flexibility, and better tools for operational support. Some of the new...
CORTLANDT MANOR, NY JUNE 21, 2016: OpenIAM, a top Open Source Identity and Access Management vendor, has bolstered security at organizations while increasing employee productivity through its automated Self-Service Portal. In lieu of calls to the help desk due to...
OpenIAM Profiled in CIO Review
This month, OpenIAM was featured in the technology magazine CIO Review.
Many of our Identity Management customers have a Microsoft Environment which consists of Microsoft Active Directory and complementary components such as Microsoft Exchange, Lync, SQL server, etc. Many of these customers have, or are in the process of adopting Microsoft’s...
See
More
Posts
read more
Sign in
Register
or
Lost your password?
Register

Products of Interest

How did you hear about us?

Registration confirmation will be emailed to you.