• Download a trial
  • Sales
  • Support
  • Login
logo
  • Home
  • Products
  • Solutions
  • Partners
  • About Us
  • Consulting
  • Resources
Request a Quote
  • Workforce Identity
  • Customer Identity
  • Comparison
  • Subscriptions

All Features

Overview of all features in Workforce Identity

User Onboarding and Offboarding

Automate joiner, mover, leaver processes

Access Request

Access requests with multi-step approvals

User Access Reviews

Save time with user access reviews

Self-Service Portal

Self-service portal for all end user activities

Segregation of Duties

Detect and remediate SoD violations

Password Management

Enforce password policies and enable synchronization

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Authentication and MFA

Improve security with adaptive authentication and MFA

3rd Party IdP Integration

Integrate with your existing identity provider

Integration API

Use the REST API to add identity into your applications

Connector Library

Integrate on-premise and SaaS applications

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Workforce Identity Concepts

All Features

Overview of all features in Customer IAM

Authentication and MFA

Improve security with adaptive authentication and MFA 

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Password Management

Enforce password policies and enable synchronization

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Customer Identity Concepts

Community vs Enterprise

Summary of the differences between the Community and Enterprise editions

Subscription Benefits

Overview of the benefits provided by an OpenIAM subscription

  • Integrations
  • Verticals
  • Workforce Use Cases
  • CIAM Use Cases
  • Compliance

Active Directory

Manage identity in Active Directory

Azure (O365)

Manage identity in Office365

SAP

Manage identity in SAP S/4 Hana

SAP SuccessFactors

Manage identity in SAP SuccessFactors

Workday

Manage identity in Workday

Education

Manage identity for students, staff and alumni

User Access Requests

Empower end users and improve compliance with user access requests

Strong Authentication

Improve security with adaptive authentication and MFA

Single Sign-On (SSO)

Improve customer experience with SSO

NIS2

Achieve compliance with the EU directive for cybersecurity frameworks.

DORA

Comply with the Digital Operational Resilience Act for the EU.

HIPAA

For healthcare organizations seeking HIPAA compliance.

  • Partners

Current Partners

Our Current Partners

  • About Us

About OpenIAM

Learn about OpenIAM

Press Releases

References to OpenIAM press releases

OpenIAM in the Media

References to OpenIAM in the media

Careers

Learn about open positions at OpenIAM.

  • Consulting

Proof of Value

Customized engagement to confirm defined proof of value objectives

Jump Start

Customized engagement to rapidly deliver a solution into production

Solution Implementation

Engagement with the objective to deliver a complete IAM solution based on customer requirements

  • Resources

Videos

Collection of videos describing how OpenIAM can be used to solve common use cases

Community Portal

Collaborative community portal to learn more about OpenIAM

CE Documentation

Documentation for the Community Edition

Blog

Musings on identity penned by the OpenIAM team

Webinar Calendar

Upcoming webinars and training sessions

Workforce Identity Concepts

Customer Identity Concepts

Identity Governance in a Hybrid Environment with OpenIAM

December 20, 2023
Ameet Shah

Many mid to large corporations today have environments which consist of both on-premises and SaaS solutions that are constantly growing in number. These companies may also utilize one or more cloud providers. Managing identities across this diverse landscape can be challenging in the absence of a suitable IAM platform. Consider the effort to:

  • Create identities for each user across these applications
  • Discover all the accounts that need to be disabled when a person leaves the firm
  • Discover all the accounts and entitlements that a person has to support periodic access reviews

Additionally, there is the risk related to not disabling these accounts in a timely manner; how many orphaned accounts are there in the environment today?

At some of our multi-national customers, this landscape increases in complexity as some applications are only available to regional users and others are available to the global user community. The challenges related to globally distributed companies will be explored in detail in an upcoming post.

Aside from the complexity and high cost of managing this diverse landscape, there are additional requirements to enforce security and comply with regulatory mandates. The need for governance has never been higher and traditional IAM solutions were not designed to meet the challenges imposed by this type of environment.

OpenIAM has been helping companies solve these challenges for years by delivering a unified, feature complete IAM platform which has the flexibility to be adapted to each customer’s varying business requirements.

Identity governance functionality

OpenIAM provides a comprehensive set of Identity Governance & Administration (IGA) features that enable control as well as reduce the time and effort needed to manage identities across connected systems. To ensure that users only have access to what they need, OpenIAM provides functionality to:

  • Automate user provisioning/deprovisioning with integration to one or more authoritative sources and downstream systems
  • Manage roles and entitlements
  • Manage birthright access using a business rules engine
  • Control the flow of execution using a workflow engine

The automated lifecycle functionality is complemented by a self-service portal which empowers end-users by allowing them to:

  • Manage their own profile
  • Change/reset their password
  • View their own access. If they have direct reports, they can view their subordinates’ access as well.
  • Request access from a service catalog using a shopping cart paradigm. Requests can be integrated with workflows. All access request workflows in OpenIAM support “n” levels of approval with support for service level agreements and escalations.

To fulfill regulatory requirements, access certification is provided. Access certification contains functionality to:

  • Collect evidence of a user’s access across applications
  • Review access using a streamlined interface
  • Administer the certification campaign via tools which include a progress dashboard and UI functionality which enables delegation to another reviewer, cancellations, and sending notifications.

The OpenIAM Governance platform is described in detail on our Workforce Identity Overview page.

Architecture

The functionality described above is the result of the functionality found in the service layer and integration options enabled by the flexible deployment architecture.

arch1

In the diagram above, the services are grouped into categories such as Shared Services and IDM Services. Each category may contain several services. These services may utilize infrastructure services like Vault, where secrets are maintained, or Redis, which is a distributed in-memory cache. Communication between the services is performed through RabbitMQ. Besides decoupling the services, the message bus also allows for services, especially the connectors, to be moved around. Consider the following scenario where OpenIAM is deployed at a cloud service provider but needs to integrate with both cloud and on-premise applications.

arch2Sample deployment architecture using Kubernetes on AWS

The diagram above shows that connectors which need to integrate with on-premise systems are deployed on-premise in a “connector VM”. Each of the connectors in the VM communicate with OpenIAM in the cloud through the message bus. As a result of this model, only one (1) IP address and one (1) port need to be opened regardless of the IP and port requirements of the end application. This communication is further protected over a VPN.

In this example, OpenIAM is already in the cloud and no special access is required to integrate with SaaS applications.

Conclusion

As highlighted above, OpenIAM provides rich business and technical functionality to allow integration with applications regardless of whether they are in the cloud or located on-premise.

Share

Leave a Comment

footer-top-logo
openIAM-white-logo

All modules of our IAM platform share a common infrastructure allowing customers to see one unified identity solution versus a collection of disparate products.

  • linkedin-icon
  • facebook-icon
  • twitter-icon
  • youtube-icon

sales@openiam.com

(858)935-7561

Copyright © 2025 OpenIAM. All rights reserved.
  • Privacy Policy