IDM 7.5.0

Samples provided with IDM

This section lists the samples provided with IDM (in the openidm/samples directory), with a high-level overview of each sample.

Get Started

The Getting Started sample shows you how to install and evaluate a basic use case in an IDM deployment.

Example Configurations

In addition to the samples listed here, IDM provides example configuration and data files that you can use to set up your own project. These files are in the samples/example-configurations directory. Each file in this directory is documented in the section that corresponds to the purpose of the file. For example, the conf/external.email.json file is described in Outbound email.

Synchronize Data From a CSV File to IDM

The sync-with-csv sample demonstrates one-way synchronization from an external resource to an IDM repository. The external resource in this case is a simple CSV file. User objects in that file are synchronized with the managed users in the IDM repository.

One-Way Synchronization From LDAP to IDM

The sync-with-ldap sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes one mapping from the LDAP directory to the managed user repository, and demonstrates reconciliation from the external resource to the repository.

Two-Way Synchronization Between LDAP and IDM

The sync-with-ldap-bidirectional sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes two mappings: one from the LDAP directory to the managed user repository, and one in the opposite direction. The sample demonstrates reconciliation from the LDAP directory to the repository and implicit synchronization from the managed user repository to the LDAP directory.

Synchronize LDAP Groups

The sync-with-ldap-groups sample uses the generic LDAP connector to connect to an LDAP directory. The sample builds on the sync-with-ldap-bidirectional sample by providing an additional mapping from the LDAP groups object to the managed groups object. The sample illustrates a new managed object type (groups) and shows how this object type is synchronized with group containers in LDAP.

Synchronize LDAP Group Membership

The sync-with-ldap-group-membership sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes two mappings, one from the LDAP directory to the managed user repository, and one from the repository to the LDAP directory. The sample demonstrates synchronization of group membership; that is, how the value of the ldapGroups property in a managed user object is mapped to the corresponding user object in LDAP.

Synchronize Data Between Two External Resources

The sync-two-external-resources sample demonstrates synchronization between two external resources, routed through IDM. The resources are named LDAP and AD, and represent two separate LDAP directories. In the sample, both resources are simulated with simple CSV files.

Asynchronous Reconciliation Using Workflow

The sync-asynchronous sample shows how you can use workflows to launch an asynchronous reconciliation operation.

LiveSync With an LDAP Server

The livesync-with-ad sample shows the liveSync mechanism that pushes changes from an external resource to the IDM repository. The sample uses an LDAP connector to connect to an LDAP directory, either ForgeRock Directory Services (DS) or Active Directory.

Synchronize Accounts With the Google Apps Connector

The sync-with-google sample uses the Google Apps Connector to create users and groups on an external Google system, and to reconcile those accounts with the IDM managed user repository.

Synchronize Users Between Salesforce and IDM

The sync-with-salesforce sample demonstrates how to create and update users in Salesforce, using the Salesforce Connector. The sample also shows synchronization of users between Salesforce and the IDM managed user repository.

Synchronize Kerberos User Principals

The sync-with-kerberos sample demonstrates how to use the scripted Kerberos connector to manage Kerberos user principals and to reconcile user principals with IDM managed user objects.

Store Multiple Passwords For Managed Users

The multiple-passwords sample demonstrates how to set up multiple passwords for managed users, and how to synchronize separate passwords to different external resources. The sample includes two target LDAP servers, each with different password policy and encryption requirements. The sample also shows how to extend the password history policy to apply to multiple password fields.

Link Multiple Accounts to a Single Identity

The multi-account-linking sample illustrates how IDM addresses links from multiple accounts to one identity. The sample shows how you can create links between a single source account and multiple target accounts, using link qualifiers that enable one-to-many relationships in mappings and policies.

Link Historical Accounts

The historical-account-linking sample demonstrates the retention of inactive (historical) LDAP accounts that have been linked to a corresponding managed user account.

Connect to DS With ScriptedREST

The scripted-rest-with-dj sample uses the Groovy Connector Toolkit to implement a ScriptedREST connector that interacts with the DS REST API.

Connect to MySQL With ScriptedSQL

The scripted-sql-with-mysql sample uses the Groovy Connector Toolkit to implement a ScriptedSQL connector that interacts with an external MySQL database.

Synchronize Users Between IDM and AzureAD

The sync-with-azuread sample uses the MS Graph API connector to synchronize users between IDM and Azure AD.

Connect to Active Directory With the PowerShell Connector

The scripted-powershell-with-ad sample uses the MS Active Directory PowerShell module to demonstrate how you can synchronize managed objects with a Microsoft Active Directory deployment. The sample provides a number of PowerShell scripts that let you perform basic CRUD (create, read, update, delete) operations on an Active Directory server.

Provision Users With Roles

The provisioning-with-roles sample builds on the sample described in One-way synchronization from LDAP to IDM, and demonstrates how attributes are provisioned to an external system (an LDAP directory), based on role membership.

Provision Users With Workflow

The provisioning-with-workflow sample demonstrates a typical use case of a workflow — provisioning new users. The sample demonstrates the use of the End User UI to let users complete a registration process.

Direct Audit Information To MySQL

The audit-jdbc sample uses a ScriptedSQL implementation of the Groovy Connector Toolkit to direct audit information to a MySQL database.

Direct Audit Information to a JMS Broker

The audit-jms sample demonstrates how the JMS audit event handler can publish messages that comply with the Java™ Message Service Specification Final Release 1.1.

Synchronize Data Between MongoDB and IDM

The sync-with-mongodb sample uses the Groovy Connector Toolkit to implement a scripted connector that interacts with a MongoDB database. The connector can be used for provisioning MongoDB database users and roles from an IDM managed repository.

Synchronize Data Between HubSpot and IDM

The sync-with-hubspot sample demonstrates bidirectional synchronization between IDM managed users and HubSpot contacts.

Synchronize Data Between DocuSign and IDM

The sync-with-docusign sample demonstrates bidirectional synchronization between IDM managed users and DocuSign user accounts.

Synchronize Data Between a SCIM Provider and IDM

The sync-with-scim sample demonstrates bidirectional synchronization between IDM managed users and roles and the corresponding users and roles from a SCIM provider.

Subscribe to JMS Messages

The scripted-jms-subscriber sample demonstrates the scripted JMS message handler, and how it performs ForgeRock REST operations.

Authenticate Using a Trusted Servlet Filter

The trusted-servlet-filter sample shows how to use a custom servlet filter and the Trusted Request Attribute authentication module to let IDM authenticate through another service.

Create a Custom Endpoint

IDM supports scriptable custom endpoints that let you launch arbitrary scripts through an IDM REST URI. The example-configurations/custom-endpoint sample shows how custom endpoints are configured and returns a list of variables available to each method used in a custom endpoint script.