RSA Conference 2019

No Comments

We will be exhibiting at the RSA Conference in San Francisco in March, and welcome the opportunity to meet you in person for questions and on-site demos.


Categories: Announcements

OpenIAM Releases Fully Containerized Identity Governance and Web Access Management Platform

No Comments

OpenIAM v4.1 provides organizations with a feature complete IAM platform which leverages modern technologies such as Docker, Kubernetes, Elasticsearch and Redis to provide a user-friendly, small footprint solution which is currently in production at mid to large enterprises globally.

Cortlandt Manor, New York: OpenIAM LLC, announces a major new release of its Identity Governance and Web Access Management (IAM) platform. This release provides customers with an IAM stack which includes user life cycle management, unified Self-Service Portal, browser-based administration tools, workflow engine, a rich library of connectors, and out-of-the-box strong authentication via One Time Password (OTP). The overall solution helps organizations reduce operational costs, improve end user efficiency, strengthen security and enable compliance with regulatory mandates such as CFAR and GDPR.

The OpenIAM Self-Service Portal provides end users with a broad range of functionality including Single Sign-On, workflow-based request approval, and Self-Service Forgot Password functionality. Out-of-the-box OTP (One Time Password) via SMS and mobile applications for iOS and Android can be configured to improve security for access into OpenIAM and sensitive applications.

Rapid configuration tools combined with a rich catalog of application connectors enables shorter implementation cycles. The connector library includes widely adopted enterprise technologies such as Microsoft’s Active Directory, Office365, Salesforce.com, SAP, Oracle EBS and many more.

Full support for containers simplifies operational tasks related to installation and patching/upgrades by reducing the effort to a series of commands which can be carried out in minutes and not hours as is often the case with IAM solutions.

Categories: Announcements

v3.5 of the OpenIAM Identity and Access Governance Suite Gets Rolled Out

No Comments

Cortlandt Manor, NY: OpenIAM announces version 3.5 of the Identity and Access Governance solution. The new release improves upon the previous version by offering better performance and scalability, improved flexibility, and better tools for operational support.

Some of the new features and improvements include:

  • Improved Role Based Access Control Model: Customers may need to run two versions of an application in parallel. Data Model Versioning ensures that changes in one version are not rolled out to users of another version, and allows customers to have fine-tuned control over the process.
  • Distributed Connector Architecture: This change in connector architecture allows for far greater performance, scalability and options for cloud and on-premise deployments.
  • User Management: Better operational tools that simplify tasks such as renaming of users (in the event of changes in marital status, for example), as well as expanded UI support for logging/resending of emails.
  • Message Queue Management: Operational tools that allow administrators to have greater visibility into the OpenIAM message queue where they can see the number of messages in progress, success/failures, and the option to retry fail messages.

A full list of the new features to look forward to in version 3.5 can be found on our wiki.

Categories: Announcements

Managing Active Directory and Office365 through OpenIAM

No Comments

Many of our Identity Management customers have a Microsoft Environment which consists of Microsoft Active Directory and complementary components such as Microsoft Exchange, Lync, SQL server, etc. Many of these customers have, or are in the process of adopting Microsoft’s Office 365 platform (O365). Adopting O365 allows companies to move some of the components to the cloud.

Microsoft provides a technology called DirSync (which is currently being replaced by Azure Connect), which allows you to sync accounts in AD to the cloud platform so that users have a single identity between the cloud and on-premise world.

By itself this functionality does not go far enough to address the needs of larger customers who need to manage thousands of users, integrate various other technologies and conform to corporate policies. Some of the challenges are listed below. You will find that some of these issues may not be relevant to your environment as this will depend on the components of the Microsoft stack which are being used and how the synchronization between AD and O365 has been enabled.

For new users (Joiners) and existing users, consider:

  • Activesync accounts from on-premise AD to O365 Tenant
  • Mailbox
    • Does the user get an on-premise mailbox or one in the cloud?
    • If on-premise, do we still want to synch to the cloud as a backup mailbox?
    • Being able to switch existing users from on-premise to cloud
    • Resource mailboxes (Room, Equipment, etc) on-premise or in the cloud
    • Creating a secondary mailbox in the cloud for users who may have a primary mailbox on-premise
    • Show in Global Address List (GAL) or not?
  • On-premise home folder vs OneDrive for Business or both
  • Office365 Subscription Management
    • If you pick an E3 subscription, should you be entitled to all the functionality in an E3 subscription?
    • Are there other O365 services like CRM Online which are available to some users?
  • Mobile Device Management - On-premise vs Intune (Cloud)

To enable deprovisioning users (Leavers), consider:

  • Disabling the account in Active Directory
  • If on-premise mailbox, then disable the mailbox per polices
  • If it’s a cloud mail then set cloud-related policies such as the retention period
  • Disabling from the GAL

If this process is not governed by a flexible automated solution, then the administrative overhead must also be factored in which will be both time consuming and potentially error prone.

The rest of this article describes how the OpenIAM Identity manager was used to address these challenges at a large customer. In this case, the organization:

  • Has users which are geographically distributed
  • Was moving from exchange online to O365, but both environments had to be supported
  • Needed to support both automated provisioning and deprovisioning from a source system to manage users from the UI

Categories: Blog

OpenIAM’s Self-Service Portal Strengthens Security and Increases Productivity

No Comments

CORTLANDT MANOR, NY JUNE 21, 2016: OpenIAM, a top Open Source Identity and Access Management vendor, has bolstered security at organizations while increasing employee productivity through its automated Self-Service Portal. In lieu of calls to the help desk due to forgotten passwords, which often results in long periods of downtime, users can quickly and securely reset their login credentials and resume being operational.

Employees have numerous options that are fast, secure and convenient when it comes to resetting their passwords through the OpenIAM Self-Service Portal. For instance, there are challenge response questions that can be customized so that users can reset their credentials by providing answers only they would know. Additionally, employees can create a new password using a One Time Token that is securely sent to their mobile device. All of this translates into no downtime due to forgotten passwords.

“There is an increased security risk during the call to the help desk as the agent assisting the user may not adequately screen the user before changing their password. This leaves valuable company resources potentially open to attack. OpenIAM’s fully automated Self Service portal reduces this risk,” said Ameet Shah, Chief Marketing Officer of OpenIAM.

OpenIAM offers one of the most comprehensive Self Service portals currently available that allows you to reset your password securely and quickly. Downtime due to forgotten passwords is eliminated and productivity is resumed. This feature provides the following capabilities:

  • Web-based challenge-response using security questions
  • One Time Token via SMS/Text to reset a password in case the user forgot their questions
  • Windows credential provider to unlock a user’s account in case they locked themselves out of their windows desktop
  • Self Service change password functionality
  • Active Directory password filter that allows users to change their password in Windows and have it synched back to IDM

The Self Service portal is one of the many features of the OpenIAM Identity and Access Governance platform that is in use in deployments around the globe.

Categories: Announcements

OpenIAM Collaborates with Red Hat to Deliver its Identity and Access Management Suite on the AWS Marketplace

No Comments

Cortlandt Manor, NY, October 5, 2015: OpenIAM, a provider of Open Source Identity and Access Management (IAM) solutions, is collaborating with Red Hat to make its IAM suite available as an Amazon Machine Image (AMI) on the Amazon Web Service (AWS) Marketplace. The AMI uses Red Hat Enterprise Linux.

“OpenIAM is pleased to be included in the AWS Marketplace supporting our IAM stack with Red Hat Enterprise Linux,” said Arun Shah, CEO at OpenIAM. “The AWS marketplace allows customers to be up and running with OpenIAM in minutes and allows the solution to scale to support large deployments. This offering will be part of a managed service, allowing customers to focus on their business and let OpenIAM support their IAM infrastructure.”

“Red Hat is deeply committed to building a robust ecosystem of supported software for the cloud with our partners. The OpenIAM stack, based on open standards and supported on Red Hat Enterprise Linux in the cloud, delivers flexibility for customers looking for a fully supportable cloud-based identity infrastructure. We are pleased to include them as part of our software partner ecosystem,” said Mike Werner, Senior Director, Global Technology Partner Programs, Red Hat.

The OpenIAM solution suite offers customers the following functionality:

  • Strong Authentication and Flexible Authorization engine
  • Self Service portal for end users to manage their own profile, applications/programs request approval, and change password
  • Forgot Password management
  • Single Sign-On to cloud and on-premise applications
  • Automated Provisioning and De-provisioning
  • Access Review and Certification
  • Audit and Compliance

Categories: Announcements