Identity Provisioning – Concept

Identity Provisioning (PIP) is a policy-based service that can leverage corporate rules and policies regarding the handling of electronic identity and information contained in data sources (LDAP, SQL, …).

The product has functions for distribution, synchronization, compilation, modification and follow-up of identity and attribute content. Two-way provisioning is supported, which means that connected systems can be both a source of information and a target for modification.

PIP can communicate via web service or directly with all modern databases and LDAP v3 directories.

An image of so-called integrated identity information is constructed in the service. In short, this means that it can work against one or more data sources in order to compile a virtual image of what an object (user, unit, group, role, etc.) looks like. The image of an object is configurable and its information can be processed via different operations before being distributed and stored in various data repositories.

Using PIP, companies and organizations can ensure high-quality data between systems that is relevant to their processes. This is especially important when planning to carry out extensive migration of information between systems. Data migrations often have a pre-defined workflow which can be automated with PIP.

The powerful reporting features included with PIP increase the visibility of assets existing within an organization. PIP can control and report whether information from different corporate data sources is consistent or not.

Systems and processes supported by PIP follow guidelines from the “best practices” contained in frameworks such as ITIL, MOF and the like. Identity Provisioning is a powerful and flexible solution that works with existing infrastructure and resources, so there are no hidden costs or expensive investments to make.

Identity Management Architecture

The product consists of a server engine and components such as Policies, Data Sources, Actions and Schedules. Everything is developed in Java and can be started as a service on Windows and as a daemon process on other operating systems. There is also an internal database, which is used to store configuration information and to handle transaction lines and time stamps.

[Image: aam-concept]

The above picture includes components from both Identity Manager and Identity Provisioning.

Technical Data

Supported Operating Systems

Any operating system compatible with Java Virtual Machine (JVM) version 1.8 or higher, for example Microsoft® Windows®, Linux™, Sun® Solaris®, IBM® AIX, HP/UX.

Data Source Support

Native Connectors

  • LDAP version 3 Directory Service (for example Microsoft® Active Directory®, OpenDS, Siemens DirX, OpenLDAP, Sun One®, iPlanet, Netscape, Novell® eDirectory® etc.)
  • JDBC (Java Database Connectivity)
  • ODBC (Open Database Connectivity)
  • CSV File (Files with fields separated by a character, e.g. a comma)
  • LDIF File (LDAP Data Interchange Format)
  • Web services (SOAP and REST)

Provisioning for Service Providers

A number of actions are available for provisioning to different service providers such as Salesforce.com, Google and Microsoft Office 365.

These add-on actions are not shipped with the standard actions. See more information under the category Additional Action Packages.

Recommended Hardware

The application requires:

RAM: Minimum 1,5 GB; the requirement varies depending on the size of the source data to process in memory.

HD: 100 MB for application + additional space for log rotation