The OpenIAM Identity Manager provides a flexible provisioning and de-provisioning solution that enables the following functionality:

  • Provisioning and de-provisioning of accounts based on rules or job roles
  • Maintain detailed audit information
  • Incrementally provisioning account entitlements after an account has been created
  • Updating the account with new policies based on changes in the business, job codes, and other requirements


The provisioning module consists of  the following modules:

  • Process engine with a graphical designer
  • Provisioning services
  • Audit Logging
  • Reports


OpenIAM is continually expanding its list of supported connectors.  Currently the following connectors are available:

  • LDAP
  • Active Directory
  • Google Apps
  • Exchange
  • Databases (Oracle, MYSQL, SQLSERVER)
  • Script Connector
  • Application Tables
  • Powershell Connectors

Request – Approval

While provisioning processes may be triggered through a variety of applications, such as an HR system, the OpenIAM Identity Manager provides a number of customizable forms in the self-service application to address common tasks.  These include:

  • New Hire
  • Requests for Access
  • Termination
  • Changes in Department, Supervisor, etc.

These forms are usually used within an approval process.  Upon approval, the identities and relevant entitlement information will be provisioned into the target system.

Custom Workflow

While OpenIAM allows you to quickly configure common approval workflows, the process engine allows you to define processes that are unique to each organization.  These processes can be designed using the graphical processor designer that runs as a plug-in to the Eclipse IDE.  Unlike some solutions, which provide a proprietary home-grown “identity workflow” designer, OpenIAM supports a full featured workflow engine. This allows OpenIAM to have greater flexibility in the type of processes that can be created and the systems that it can be integrated with.  To simplify the integration effort, OpenIAM includes several processes that can be viewed as a template to further enable rapid customization.  These processes include:

  • New Hire
  • Self Registration
  • Request access with single approval workflow
  • Request access with multi-step approval
  • Approval with escalation
  • Correction workflows for attestation


The synchronization functionality allows you to synchronize data from one or more authoritative sources to a set of managed systems. OpenIAM supports synchronization based on:

  • Events: Event based synchronization allows real time synchronization since the source system will place a message on the Identity Manager Bus to triggers synchronization
  • Scheduled Intervals: The time interval in which synchronization should occur can be configured. The interval may be as short as 1 min, enabling near real time synchronization, or at larger intervals.

When a new employee is added to the HR system, the synchronization process is triggered to detect this new record and initiate the synchronization process.  During the process, it can be configured to look at a number of factors such as job code to determine which applications they should have access to.


Where synchronization is used to detect changes in the source system, Reconciliation is used to detect changes in the managed systems.  For example, if Active Directory is one of the managed systems, then changes made directly on Active Directory can be detected and then synchronized back into OpenIAM and the systems that it manages based on the rules that are in place.

Recent Posts
RSA Conference 2020
OpenIAM will be exhibiting at RSA Conference 2020 in San Francisco at booth #3120.  We look forward to meeting you for questions and product demos.
The latest release by OpenIAM adds support for Red Hat Enterprise Linux 8 and continues to extend its scalable microservices based solution OpenIAM LLC, has announced the release of Identity and Access Management Platform version 4.1.6 today. This release adds...
OpenIAM v4.1 provides organizations with a feature complete IAM platform which leverages modern technologies such as Docker, Kubernetes, Elasticsearch and Redis to provide a user-friendly, small footprint solution which is currently in production at mid to large enterprises globally. Cortlandt...
CORTLANDT MANOR, NY JUNE 21, 2016: OpenIAM, a top Open Source Identity and Access Management vendor, has bolstered security at organizations while increasing employee productivity through its automated Self-Service Portal. In lieu of calls to the help desk due to...
read more
Sign in
Lost your password?

Products of Interest

How did you hear about us?

Registration confirmation will be emailed to you.