Open Identity SummitOpen Identity Summit

Víctor AkéProduct Manager for OpenAMForgeRock

OpenAMOpenAM

New Paradigm for the Modern Web

Converged Cloud creates new identity challenges for the enterprise

Mobile devices proliferate new granular identity dimension

As Big Data volumes grow, identity within high value data subsets vital

Social moves the web identity experience from “anonymous” to “personal”

Mobile Social Cloud Enterprise Things

OpenID Connect + REST APIs

REST Endpoints

Mobile Social Cloud Enterprise Things

OpenAM Core

HTTP(s)JSON

AuthN AuthZSession Validation

IdentityManagement

OAuth2RealmMgmt

OpenIDConnect

Logging

Modern AM at Internet ScalePerformance enhancementsSession Fail-OverMulti-tenancy

Mobile Application samples

Web App

Native App

Native App

Web App

LoginApp

RE

ST

/OA

uth2

/Ope

nID

Con

nect

Authentication

Authorization

Attribute Delivery

Federation

SSO

Token Persistence

Session Mgmt

OAuth2 Provider

OpenAM

Cloud

Enterprise

Social Authentication

Social moves the web identity experience from “anonymous” to “personal”

Out of the box OAuth2 Authentication module that allows integration with all kind of OAuth2 Providers

Authentication OATH Open Authentication

Standard for 2 facto authentication

No need to buy proprietary OTP 2-FA solutions

Any soft or hard OATH app or device

3rd Party authentication services

Adaptive Authentication

Next Steps …

Visit Us @ Forgerock.com

OpenAM 10.2 Q3/2013

OpenAM Designed for Scalability from the

beginning

Highly Available

Flexible and extensible architecture

Standards based

Developer friendly

Cloud ready

Mobile ready

OpenIDMOpenIDM

High Level Strategy The market is merging user provisioning and

compliance in to “Access Governance”

Role Based provisioning and re-certification of entitlements and roles is leading innovation in the space.

IDM solutions need to bridge and span across on premise and off-premise applications.

Being LEAN, SCALABLE and FLEXIBLE will be key to success.

Aggregated View Provides a fully configurable composite view of a users

footprint on provisioned resources

Attribute values can be fetched on-demand or stored meta-directory style – A true hybrid approach!

Fully read/writable – changes are pushed to the right system resource

Integrates perfectly with 3rd party SoD engines

Fully exposed via REST

Role Based Provisioning Bi-level role model with IT Roles and Business Roles

Roles used to assign entitlements and attributes on integrated resources in a manageble fashion.

Entitlement Assignment Policies

Support for NIST capabilites Temporal conditions Implicit/Explicit assignments Ability to Nest or include other roles Segregation of Duty based on roles

SaaS application connectors SalesForce Module

WebEx Connector

Stand alone PowerShell connector Allows you to easily integrate with Office 365, SharePoint etc.

What you need to know

OpenIDM 2.2 release date is Q4 2013

OpenDJ OpenDJ

High Level Strategy Providing the Identity repository for the

hybrid cloud-enterprise.

Made easy for the Administrators and the developers

Customers want a reliable, highly available directory service that scales vertically and horizontally anywhere.

Ubiquitous Directories

Amazon EC2

Company IDP

Headquarter

London San Francisco

Service cloud

REST to LDAP

Provides a new way to access the directory data

One familiar to most developers : HTTP / REST / JSON

SCIM like (and soon compliant)

Available embedded in OpenDJ or web application

Scaling for the Cloud Horizontal and elastic

scalability

Complete support for multi-tenants

What you need to know OpenDJ 2.6.0 will be available by end of

June 2013

OpenDJ 3.0 will come early 2014, with Proxy services

REST to LDAP is a game changer. Try it now and give us feedback.

Q&AQ&A