• Download a trial
  • Sales
  • Support
  • Login
logo
  • Home
  • Products
  • Solutions
  • Partners
  • About Us
  • Consulting
  • Resources
Request a Quote
  • Workforce Identity
  • Customer Identity
  • Comparison
  • Subscriptions

All Features

Overview of all features in Workforce Identity

User Onboarding and Offboarding

Automate joiner, mover, leaver processes

Access Request

Access requests with multi-step approvals

User Access Reviews

Save time with user access reviews

Self-Service Portal

Self-service portal for all end user activities

Segregation of Duties

Detect and remediate SoD violations

Password Management

Enforce password policies and enable synchronization

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Authentication and MFA

Improve security with adaptive authentication and MFA

3rd Party IdP Integration

Integrate with your existing identity provider

Integration API

Use the REST API to add identity into your applications

Connector Library

Integrate on-premise and SaaS applications

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Workforce Identity Concepts

All Features

Overview of all features in Customer IAM

Authentication and MFA

Improve security with adaptive authentication and MFA 

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Password Management

Enforce password policies and enable synchronization

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Customer Identity Concepts

Community vs Enterprise

Summary of the differences between the Community and Enterprise editions

Subscription Benefits

Overview of the benefits provided by an OpenIAM subscription

  • Integrations
  • Verticals
  • Workforce Use Cases
  • CIAM Use Cases
  • Compliance

Active Directory

Manage identity in Active Directory

Azure (O365)

Manage identity in Office365

SAP

Manage identity in SAP S/4 Hana

SAP SuccessFactors

Manage identity in SAP SuccessFactors

Workday

Manage identity in Workday

AWS

Manage identity in AWS

Linux Server

Manage identity in Linux Server

Education

Manage identity for students, staff and alumni

User Access Requests

Empower end users and improve compliance with user access requests

Strong Authentication

Improve security with adaptive authentication and MFA

Single Sign-On (SSO)

Improve customer experience with SSO

NIS2

Achieve compliance with the EU directive for cybersecurity frameworks.

DORA

Comply with the Digital Operational Resilience Act for the EU.

HIPAA

For healthcare organizations seeking HIPAA compliance.

PCI DSS

Compliance with the Payment Card Industry Data Security Standard

SOC 2

Solutions for organizations subject to SOC 2 audits

GDPR

Take advantage of OpenIAM to comply with the General Data Protection Regulation

  • Partners

Current Partners

Our Current Partners

  • About Us

About OpenIAM

Learn about OpenIAM

Press Releases

References to OpenIAM press releases

OpenIAM in the Media

References to OpenIAM in the media

Careers

Learn about open positions at OpenIAM.

  • Consulting

Proof of Value

Customized engagement to confirm defined proof of value objectives

Jump Start

Customized engagement to rapidly deliver a solution into production

Solution Implementation

Engagement with the objective to deliver a complete IAM solution based on customer requirements

  • Resources

Videos

Collection of videos describing how OpenIAM can be used to solve common use cases

Community Portal

Collaborative community portal to learn more about OpenIAM

CE Documentation

Documentation for the Community Edition

Blog

Musings on identity penned by the OpenIAM team

Webinar Calendar

Upcoming webinars and training sessions

Workforce Identity Concepts

Customer Identity Concepts

Community vs Enterprise

OpenIAM is available in two versions: Community and Enterprise.

Community Edition (CE): A freely available release that customers can deploy in their environments. The CE represents the previous generation of the Enterprise Edition. For example, when v4.2.1 was released to the Enterprise, the last stable 4.2.0.x release was made available to the public as the CE. In this respect, the CE always has less features than the EE and support is provided through the community portal.
Enterprise Edition (EE): Only available through an active subscription and represents the latest stable release which customers can use in production. In addition to the commercial support, the EE contains a larger feature set in comparison to the CE. The version is being actively developed by the OpenIAM product engineering team to align with both customer requests and the published product roadmap.
 

Major differences between CE and EE

Authentication
The CE supports the following types of authentication: Password, OTP over email and SMS and limited adaptive authentication functionality. The EE supports all of the authentication methods found in the CE and adds OTP over IVR, certificate-based authentication, Kerberos, directory-based authentication, FIDO2 and the OpenIAM mobile authenticator with push notification. The EE also has broader adaptive authentication functionality.
 
The latest EE release also enables integration with Criipto to allow end users to authenticate using EU BankID such as MitID.
 
User life cycle management
  • Improved performance: The EE includes performance and architectural improvements that allow for large datasets to be processed efficiently when executing synchronization and reconciliation functions. 
  • Simulation mode: This functionality assists with testing and troubleshooting in a complex environment when a non-production environment is unavailable.  This feature is only found in the EE.
Privacy and consent

Consent management functionality has been introduced in the EE. This feature supports multiple languages, consent history, validate date, and admin tools to manage customer consent.

 
Contractor management
Allows managers to manage the contractor life cycle. Only available in the EE.
 
Self-service portal

The functionality to allow authorized users to create bulk access requests has been introduced in the EE.

 
Architecture 
CE deployments are limited to RPM and Docker Swarm. The EE can be deployed on Kubernetes and OpenShift as well as RPM. The EE contains significant architectural improvements that impact system performance, scalability, and high availability (HA). HA is only supported in the EE.
 

From release 4.2.1.12, the releases support the following operating systems: RPM (RHEL 9, RockyLinux 9, Alma linux 9) Docker (RHEL 9, RockyLinux 9, Alma linux 9, Ubuntu 22.04 LTS).

Feature Comparison

Features Community Enterprise
Authentication
Password Y Y
AD/LDAP authentication Y Y
OTP over SMS Y Y
OTP over email Y Y
OTP over IVR Y Y
FIDO 2   Y
OpenIAM authenticator with push   Y
Certificate-based auth Y Y
Kerberos Y Y
Social authentication Y Y
Adaptive authentication Y Y
PIV Authentication   Y
Integration with Criipto   Y
Single sign-on (SSO)
SAML Y Y
oAuth Y Y
OIDC Y Y
Reverse proxy Y Y
User life cycle management
Automated provisioning Y Y
Joiners (new users) Y Y
Movers (position change) Y Y
Leavers (disable, terminate) Y Y
Role-based provisioning Y Y
Reconciliation Y Y
Business rules engine Y Y
Orphan management Y Y
Entitlement management
Flexible RBAC model Y Y
Entitlement viewer and editor Y Y
Custom entitlement types Y Y
Direct entitlements Y Y
Unified view of IAM and target system entitlements Y Y
Entitlement synchronization from target applications Y Y
Entitlement provisioning to target Y Y
Access request and approvals (workflow)
Service catalog and shopping cart-based request-approval Y Y
Multi-step approvals Y Y
Integrated into self-service portal Y Y
Profile templates Y Y
Time-based auto-revocation Y Y
SLAs and escalations Y Y
Line-item level approval/rejections Y Y
Approval delegation Y Y
Out-of-office delegation Y Y
Email-based approval Y Y
Request administration (monitor, delegate, cancel) Y Y
User access reviews
User-based certifications Y Y
Entitlement-based certifications Y Y
Privileged and service account Y Y
Reports Y Y
Self-service portal
Supports integration with third party IdP for SSO Y Y
Unified SSO application launch pad Y Y
Self-service password reset (SSPR) Y Y
Change password Y Y
Profile management Y Y
View your access Y Y
View your direct reports and their access Y Y
Self-registration Y Y
Integrated request/approval Y Y
Integrated access review Y Y
Corporate directory lookup Y Y
Contractor management   Y
Manager self-service   Y
Bulk access requests for authorized users   Y
Password management
Flexible password policy Y Y
Password synchronization Y Y
Password dictionary Y Y
Active Directory password filter   Y
Self-service password reset
Challenge questions Y Y
One-time link Y Y
SMS-based one-time token Y Y
Credential provider
Windows   Y
MacOS   Y
Integration connectors
Core connectors Y Y
Cloud connectors Y Y
Enterprise connectors   Y
Privacy and consent
Consent management   Y
General features
Integration API Y Y
RPM deployment Y Y (RHEL 9, Alma Linux  9, Rocky Linux 9)
Docker Swarm Y Y (RHEL 9, Alma Linux  9, Rocky Linux 9, Ubuntu 22.04 LTS)
Kubernetes   Y
Supports High Availability (HA)   Y
Simulation mode for connectors Y Y
Simulation mode for email Y Y
Localization languages 5 13
Support Community Commercial

Let’s Connect

Managing identity can be complex. Let OpenIAM simplify how you manage all of your identities from a converged modern platform hosted on-premises or in the cloud.

For 15 years, OpenIAM has been helping mid to large enterprises globally improve security and end user satisfaction while lowering operational costs.

Download a Trial Contact Sales
footer-top-logo
openIAM-white-logo

All modules of our IAM platform share a common infrastructure allowing customers to see one unified identity solution versus a collection of disparate products.

  • linkedin-icon
  • facebook-icon
  • twitter-icon
  • youtube-icon

sales@openiam.com

(858)935-7561

Copyright © 2025 OpenIAM. All rights reserved.
  • Privacy Policy