Where to go from here

IDM can do much more than reconcile data between two different sources. Read about the key product features in these sections:

Reconciliation

IDM supports reconciliation between two data stores, as a source and a target.

In identity management, reconciliation compares the contents of objects in different data stores, and makes decisions based on configurable policies.

For example, if you have an application that maintains its own user store, IDM can ensure your canonical directory attributes are kept up-to-date by reconciling their values as they are changed.

For more information, refer to Synchronization overview.

Connectors

PingIDM uses connectors to integrate with external resources, both on-premise and in the cloud. Connectors handle the communication between IDM and a target resource, letting you synchronize, provision, and reconcile identity data across your environment.

Connectors are provided for many external resources, including:

Google Apps
Salesforce
LDAP (supports any LDAPv3-compliant directory, including PingDS and Active Directory)
CSV file
Database table

Check out the full list of available connectors.

Scripted and custom connectors

If the resource you need isn’t covered by a dedicated connector, use one of the scripted connector frameworks to connect to virtually any external resource:

Groovy connector toolkit: Run Groovy scripts to interact with any external resource that exposes a supported interface.

Learn more in Groovy connector toolkit.

For a sample implementation of the scripted Groovy connector, refer to Connect to DS with ScriptedREST.
PowerShell connector toolkit: Provision a variety of Microsoft services, including Active Directory, SQL Server, Microsoft Exchange, SharePoint, Microsoft Entra ID, and Microsoft 365.

Learn more in PowerShell connector.

For a sample configuration, refer to Connect to Active Directory with the PowerShell connector.

Which connector should I use?

First, check for a dedicated connector (full list of connectors). If one isn’t available:

If your resource exposes a REST API, start with the Groovy connector toolkit or Scripted REST connector.
For Microsoft services on Windows, use the PowerShell connector toolkit.
For LDAP-compliant directories, use the LDAP connector.
For SCIM-compliant cloud applications, use the SCIM connector.
For relational databases, use the Database table connector or Scripted SQL connector.

Try it out

Many of the samples provided with IDM walk you through connecting to different resources step-by-step. For example:

Sample name	Description
sync-with-csv	Synchronize data from a CSV file into IDM.
sync-with-ldap-bidirectional	Two-way synchronization with an LDAP directory.
sync-with-salesforce	Synchronize users between Salesforce and IDM.
sync-with-google	Synchronize accounts with the Google Apps connector.
sync-with-scim	Synchronize data between IDM and a SCIM provider.

Sample name

Description

sync-with-csv

Synchronize data from a CSV file into IDM.

sync-with-ldap-bidirectional

Two-way synchronization with an LDAP directory.

sync-with-salesforce

Synchronize users between Salesforce and IDM.

sync-with-google

Synchronize accounts with the Google Apps connector.

sync-with-scim

Synchronize data between IDM and a SCIM provider.

Authentication Modules

IDM provides several authentication modules to help you protect your systems. For more information, refer to Authentication and session modules.

User Role Management

Some users need accounts on multiple systems. For example, insurance agents may also have insurance policies with the company that they work for. In that situation, the insurance agent is also a customer of the company.

Alternatively, a salesperson may also test customer engineering scenarios. That salesperson may also need access to engineering systems.

Each of these user scenarios is known as a role. You can set up a consolidated set of attributes associated with each role. To do so, you would configure custom roles to assign to selected users. For example, you may assign both insured and agent roles to an agent, while assigning the insured role to all customers.

In a similar fashion, you can assign both sales and engineering roles to the sales engineer.

You can then synchronize users with those roles into appropriate data stores.

For more information, refer to Managed Roles. For a sample of how you can configure external roles, refer to Provision users with roles.

Business Processes and Workflows

A business process begins with an objective and includes a well-defined sequence of tasks to meet that objective.

You can also automate many of these tasks as a workflow.

After you configure the right workflows, a newly hired engineer can log in to IDM and request access to manufacturing information.

That request is sent to the appropriate manager for approval. After it is approved, IDM provisions the new engineer with access to manufacturing.

IDM supports workflow-driven provisioning activities, based on the embedded Flowable Process Engine, which complies with the Business Process Model and Notation 2.0 (BPMN 2.0) standard.

Additional Samples

IDM is a lightweight and highly customizable identity management product.

The documentation includes a number of additional use cases. Most of these are known as Samples, and are described in Samples provided with IDM.

These samples include step-by-step instructions on how you can connect to different data stores, customize product behavior using JavaScript and Groovy, and administer IDM with common REST API commands.