PingIDM 8.0.0

Getting started

Guide to installing and evaluating PingIDM software. This software offers flexible services for automating management of the identity life cycle.

Name changes for ForgeRock products

Product names changed when ForgeRock became part of Ping Identity.

The following name changes have been in effect since early 2024:

| Old name | New name |
| --- | --- |
| ForgeRock Identity Cloud | PingOne Advanced Identity Cloud |
| ForgeRock Access Management | PingAM |
| ForgeRock Directory Services | PingDS |
| ForgeRock Identity Management | PingIDM |
| ForgeRock Identity Gateway | PingGateway |

Learn more about the name changes in New names for ForgeRock products in the Knowledge Base.

About IDM

Whenever you need access to important information, administrators need to know who you are. They need to know your identity, which may be distributed in multiple accounts.

As a user, you might have several accounts even within your own company, for functions such as:

  • Email

  • Human Resources

  • Payroll

  • Engineering, Support, Accounting, and other functions

Each of these accounts may be stored in different resources, such as DS, Active Directory, OpenLDAP, and more. Keeping track of user identities in each of these resources (also known as data stores) can get complex. IDM simplifies the process, as it reconciles differences between resources.

With situational policies, IDM can handle discrepancies such as a missing or updated address for a specific user. The server includes default but configurable policies to handle such conditions. In this way, consistency and predictability are ensured in an otherwise chaotic resource environment.

IDM can make it easier to track user identities across these resources. IDM has a highly scalable, modular, readily deployable architecture that can help you manage workflows and user information.

What Can You Do With IDM?

This software allows you to simplify the management of identity, as it can help you synchronize data across multiple resources. Each organization can maintain control of accounts within their respective domains.

IDM works equally well with user, group, and device identities.

You can also configure workflows to help users manage how they sign up for accounts, as part of how IDM manages the life cycle of users and their accounts.

You can manage employee identities as they move from job to job. You will make their lives easier as their user accounts can be registered on different systems automatically. Later, IDM can increase productivity when it reconciles information from different accounts, saving users the hassle of entering the same information on different systems.

PingIDM Integrations

Now that you have seen how IDM can help you manage users, review the features that IDM can bring to your organization:

  • Web-Based Administrative User Interface

    Configure IDM with the Web-Based Administrative User Interface. You can configure many major server components without ever touching a text configuration file.

  • Role-Based Provisioning

    Create and manage users based on attributes such as organizational need, job function, and geographic location.

  • Backend Flexibility

    Choose the desired backend database for your deployment. IDM supports MySQL, Microsoft SQL Server, Oracle Database, IBM DB2, and PostgreSQL. For the supported versions of each database, refer to Before you install.

  • Password Management

    Set up fine-grained control of passwords to ensure consistent password policies across all applications and data stores. IDM supports separate passwords per external resource.

  • Logging, Auditing, and Reporting

    IDM logs all activity, internally and within connected systems. With such logs, you can track information for access, activity, authentication, configuration, reconciliation, and synchronization.

  • Access to External Resources

    IDM can access a generic scripted connector that allows you to set up communications with many external data stores.

Where to go from here

IDM can do much more than reconcile data between two different sources. Read about the key product features in these sections:

Reconciliation

IDM supports reconciliation between two data stores, as a source and a target.

In identity management, reconciliation compares the contents of objects in different data stores, and makes decisions based on configurable policies.

For example, if you have an application that maintains its own user store, IDM can ensure your canonical directory attributes are kept up to date by reconciling their values as they are changed.
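The compare-then-apply-policy flow described above, as an added JavaScript example (not IDM's own code or configuration format). The situation names, action names, and sample records are constructed for illustration and are assumptions, not IDM identifiers:

```javascript
// Constructed sample data: a source (e.g. HR) and a target (application user store).
const source = [
  { id: "bjensen", mail: "bjensen@example.com", address: "1 Main St" },
  { id: "scarter", mail: "scarter@example.com", address: "22 Oak Ave" },
  { id: "jdoe", mail: "jdoe@example.com", address: "9 Elm Rd" },
];
const target = [
  { id: "bjensen", mail: "bjensen@example.com", address: "1 Main St" },
  { id: "scarter", mail: "scarter@example.com" }, // address missing
  { id: "olduser", mail: "olduser@example.com", address: "5 Pine Ln" }, // no source record
];

// Hypothetical situation -> action policy table (names are illustrative).
// Target accounts with no source record are reported for review, not deleted.
const policies = {
  IN_SYNC: "NONE",
  ATTRIBUTE_DIFFERS: "UPDATE_TARGET",
  TARGET_MISSING: "CREATE_TARGET",
  SOURCE_MISSING: "REPORT",
};

// Classify one source/target pair. Only attributes present on the source
// are compared; extra target-only attributes are ignored.
function assess(src, tgt) {
  if (src && !tgt) return "TARGET_MISSING";
  if (!src && tgt) return "SOURCE_MISSING";
  const differs = Object.keys(src).some((k) => src[k] !== tgt[k]);
  return differs ? "ATTRIBUTE_DIFFERS" : "IN_SYNC";
}

// Reconcile source against target. Returns the per-record decisions and the
// resulting target state; the input arrays are not mutated.
function reconcile(sourceRecords, targetRecords, policy) {
  const byId = new Map(targetRecords.map((r) => [r.id, { ...r }]));
  const results = [];
  for (const src of sourceRecords) {
    const tgt = byId.get(src.id);
    const situation = assess(src, tgt);
    const action = policy[situation] ?? "REPORT"; // unknown situation: report only
    if (action === "CREATE_TARGET" || action === "UPDATE_TARGET") {
      byId.set(src.id, { ...tgt, ...src });
    }
    results.push({ id: src.id, situation, action });
  }
  const sourceIds = new Set(sourceRecords.map((r) => r.id));
  for (const tgt of targetRecords) {
    if (sourceIds.has(tgt.id)) continue;
    const situation = assess(undefined, tgt);
    results.push({ id: tgt.id, situation, action: policy[situation] ?? "REPORT" });
  }
  return { results, target: [...byId.values()] };
}
```
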

For more information, refer to Synchronization overview.

Authentication Modules

IDM provides several authentication modules to help you protect your systems. For more information, refer to Authentication and session modules.

User Role Management

Some users need accounts on multiple systems. For example, insurance agents may also have insurance policies with the company that they work for. In that situation, the insurance agent is also a customer of the company.

Alternatively, a salesperson may also test customer engineering scenarios. That salesperson may also need access to engineering systems.

Each of these user scenarios is known as a role. You can set up a consolidated set of attributes associated with each role. To do so, you would configure custom roles to assign to selected users. For example, you may assign both insured and agent roles to an agent, while assigning the insured role to all customers.

In a similar fashion, you can assign both sales and engineering roles to the sales engineer.

You can then synchronize users with those roles into appropriate data stores.

For more information, refer to Managed Roles. For a sample of how you can configure external roles, refer to Provision users with roles.

Business Processes and Workflows

A business process begins with an objective and includes a well-defined sequence of tasks to meet that objective.

You can also automate many of these tasks as a workflow.

After you configure the right workflows, a newly hired engineer can log in to IDM and request access to manufacturing information.

That request is sent to the appropriate manager for approval. After it is approved, IDM provisions the new engineer with access to manufacturing.

IDM supports workflow-driven provisioning activities, based on the embedded Flowable Process Engine, which complies with the Business Process Model and Notation 2.0 (BPMN 2.0) standard.

Remote Data Stores

IDM can connect to a substantial variety of user and device data stores, on premise and in the cloud. A number of specific connectors are provided, allowing you to connect to those dedicated data stores. In addition, you can connect to many more data stores using a scripted connector framework.

Connectors are provided for a number of external resources, including:

For a full list, refer to Supported connectors.

If the resource that you need is not on the list, you should be able to use one of the scripted connectors to connect to that resource:

  • For connectors associated with Microsoft Windows, IDM includes a PowerShell Connector Toolkit that you can use to provision a variety of Microsoft services, including but not limited to Active Directory, SQL Server, Microsoft Exchange, SharePoint, Azure Active Directory, and Office 365. For more information, refer to Powershell connector. IDM includes a sample PowerShell Connector configuration, described in Connect to Active Directory with the PowerShell connector.

  • For other external resources, IDM includes a Groovy Connector Toolkit that allows you to run Groovy scripts to interact with any external resource. For more information, refer to Groovy Connector Toolkit.

    For sample implementations of the scripted Groovy connector, refer to Connect to DS with ScriptedREST.

Additional Samples

IDM is a lightweight and highly customizable identity management product.

The documentation includes a number of additional use cases. Most of these are known as Samples, and are described in Samples provided with IDM.

These samples include step-by-step instructions on how you can connect to different data stores, customize product behavior using JavaScript and Groovy, and administer IDM with common REST API commands.