PingIDM
PingIDM 8 brings together multiple sources of identity for policy and workflow-based management that puts you in control of the data. Build a solution to consume, transform, and feed data to external sources to help you maintain control over identities of users, devices, and things. Identity governance features in PingIDM let you gain visibility into employee provisioning, and help you proactively take action in managing employee access to external systems.
PingIDM modules:
Overview of capabilities
-
Provisioning
-
Synchronization and reconciliation
-
Adaptable monitoring and auditing services
-
Flexible developer access
-
Password synchronization
-
Identity data visualization
-
Delegated administration
-
Privacy and consent
-
Progressive profile completion
-
Workflow engine
-
OpenICF connector framework to external systems
Dependencies
Several Identity Management modules require other modules. For example, the Synchronization module requires the Identity Lifecycle and Relationship module. The following diagram summarizes Identity Management module dependencies:
Identity Synchronization module
This module can serve as the foundation for provisioning and identity data reconciliation. Synchronization capabilities are available as a service and hrough REST APIs to be used directly by external applications. Activities occurring in the system can be configured to log and audit events for reporting purposes.
Required module: Identity Lifecycle and Relationship.
| Feature | Description | Documentation |
|---|---|---|
Discovery and synchronization |
Synchronization of identity data across managed data stores. |
|
Reconciliation |
Alignment between accounts across managed data stores. |
|
Password synchronization |
Near real-time password synchronization across managed data stores. |
|
PingDS and Active Directory plugins |
Native password synchronization plugins for PingDS and Microsoft Active Directory. |
|
Delegated administration |
Grant role-based, limited access to perform fine-grained administrative tasks on managed objects. |
|
All connectors |
Extensible interoperability for identity, compliance, and risk management across a variety of specific applications and services. |
Workflow module
This module can be used to visually organize identity synchronization, reconciliation, and provisioning into repeatable processes with logging and auditing for reporting purposes.
Required modules: Identity Lifecycle and Relationship.
| Feature | Description | Documentation |
|---|---|---|
BPMN 2.0 support |
Standards-based Business Process Model and Notation 2.0 support. |
|
Flowable process engine |
Lightweight workflow and business process management platform. |
|
Workflow-driven provisioning |
Define provisioning workflows for sunrise and sunset processes, approvals, escalations, and maintenance. |
Identity Lifecycle and Relationship module
This module can help you to provision user identities into PingIDM, and includes the capability to manage roles, relationships between identities, and entitlements.
Required modules: none.
| Feature | Description | Documentation |
|---|---|---|
Inbound provisioning engine |
Provisioning engine to import data from an external resource into PingIDM. |
|
Data modeling |
Ability to map PingIDM objects to tables in a JDBC database or to organizational units in a PingDS repository. |
|
Identity lifecycle management |
An extensible object model that enables you to manage the complete lifecycle of identity objects. |
|
Identity relationship lifecycle management |
Ability to create and track relationship references between objects. |
|
Role lifecycle management |
Provisioning roles to control how objects are exported to external systems and authorization roles to control authorization within PingIDM. |
|
Entitlement lifecycle management |
Entitlements to provision attributes or sets of attributes, based on role membership. |