--- title: PingIDM description: PingIDM 8 brings together multiple sources of identity for policy and workflow-based management that puts you in control of the data. Build a solution to consume, transform, and feed data to external sources to help you maintain control over identities of users, devices, and things. Identity governance features in PingIDM let you gain visibility into employee provisioning, and help you proactively take action in managing employee access to external systems. component: platform version: 8 page_id: platform:platform-guide:identity-management canonical_url: https://docs.pingidentity.com/platform/8/platform-guide/identity-management.html section_ids: idm-overview: Overview of capabilities idm-dependencies: Dependencies identity-sync-module: Identity Synchronization module self-service-module: Self-Service module workflow-module: Workflow module social-identity-module: Social Identity module identity-lifecycle-module: Identity Lifecycle and Relationship module --- # PingIDM PingIDM 8 brings together multiple sources of identity for policy and workflow-based management that puts you in control of the data. Build a solution to consume, transform, and feed data to external sources to help you maintain control over identities of users, devices, and things. Identity governance features in PingIDM let you gain visibility into employee provisioning, and help you proactively take action in managing employee access to external systems. PingIDM modules: ![](../_images/fr-icon-Synchronization_Reconcilliation_2020-120919_15COLOR.vecta.svg) #### [Identity Synchronization](identity-management.html#identity-sync-module) ![](../_images/fr-icon-Basic_SelfService_2020-120919_35COLOR.vecta.svg) #### [Self-Service](identity-management.html#self-service-module) ![](../_images/fr-icon-Workflow_Engine_2020-120919_16COLOR.vecta.svg) #### [Workflow](identity-management.html#workflow-module) ![](../_images/fr-icon-Social_Signon_2020-120919_28COLOR.vecta.svg) #### [Social Identity](identity-management.html#social-identity-module) ![](../_images/fr-icon-Manage_Identities_2020-120919_25COLOR.vecta.svg) #### [Identity Lifecycle and Relationship](identity-management.html#identity-lifecycle-module) ## Overview of capabilities * Provisioning * Synchronization and reconciliation * Adaptable monitoring and auditing services * Connections to cloud services with simple social registration * Flexible developer access * Password synchronization * Identity data visualization * Delegated administration * User self-service * Privacy and consent * Progressive profile completion * Workflow engine * OpenICF connector framework to external systems ## Dependencies Several Identity Management modules require other modules. For example, the Synchronization module requires the Identity Lifecycle and Relationship module. The following diagram summarizes Identity Management module dependencies: ![PingIDM module dependencies](../_images/IDMDependencies.svg) ## Identity Synchronization module This module can serve as the foundation for provisioning and identity data reconciliation. Synchronization capabilities are available as a service and hrough REST APIs to be used directly by external applications. Activities occurring in the system can be configured to log and audit events for reporting purposes. Required module: Identity Lifecycle and Relationship. | Feature | Description | Documentation | | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Discovery and synchronization | Synchronization of identity data across managed data stores. | [Synchronization types](https://docs.pingidentity.com/pingidm/8/synchronization-guide/sync-types.html#overview-livesync) | | Reconciliation | Alignment between accounts across managed data stores. | [Synchronization types](https://docs.pingidentity.com/pingidm/8/synchronization-guide/sync-types.html#overview-recon) | | Password synchronization | Near real-time password synchronization across managed data stores. | [Password synchronization plugins](https://docs.pingidentity.com/pingidm/8/pwd-plugin-guide) | | PingDS and Active Directory plugins | Native password synchronization plugins for PingDS and Microsoft Active Directory. | [Synchronize passwords with DS](https://docs.pingidentity.com/pingidm/8/pwd-plugin-guide/chap-sync-dj.html), [Synchronize passwords with Active Directory](https://docs.pingidentity.com/pingidm/8/pwd-plugin-guide/chap-sync-ad.html) | | Delegated administration | Grant role-based, limited access to perform fine-grained administrative tasks on managed objects. | [Delegated administration](https://docs.pingidentity.com/pingidm/8/auth-guide/delegated-admin.html) | | All connectors | Extensible interoperability for identity, compliance, and risk management across a variety of specific applications and services. | [Connector reference](https://docs.pingidentity.com/openicf/connector-reference/preface.html) | ## Self-Service module This module can be used to allow end users to manage their own passwords and profiles securely according to predefined policies. Required modules: * Full capabilities: Identity Lifecycle and Relationship. * Basic capabilities: Intelligent Access. Learn more in [About user self-service](https://docs.pingidentity.com/pingam/8/user-self-service/about-uss.html) regarding self-service capabilities in PingAM. | Feature | Description | Documentation | | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------- | | User self-registration | End-user self-service UI that lets users create their own accounts with customizable criteria. | [Register a user](https://docs.pingidentity.com/pingam/8/user-self-service/uss-registering-users.html) | | Password reset | End-user self-service UI for changing and resetting passwords based on predefined policies and security questions. | [Reset forgotten passwords](https://docs.pingidentity.com/pingam/8/user-self-service/uss-forgotten-password.html) | | Knowledge-based authentication | Verification for user identities based on predefined and end user-created security questions. | [Configure knowledge-based security questions](https://docs.pingidentity.com/pingam/8/user-self-service/configuring-kba.html) | | Forgotten username | Mechanisms to allow users to recover their usernames with predefined policies. | [Retrieve forgotten usernames](https://docs.pingidentity.com/pingam/8/user-self-service/uss-forgotten-username.html) | | Progressive profile completion | Short forms used to simplify registration and incrementally collect profile data over time. | [Profile Completeness Decision node](https://docs.pingidentity.com/auth-node-ref/8/profile-completeness-decision.html) | | Consent and preference management | Configurable user preferences. | [Consent Collector node](https://docs.pingidentity.com/auth-node-ref/8/consent-collector.html) | | Terms and conditions (or terms of service) | Verifies the user has accepted the active set of terms and conditions. | [Terms and Conditions Decision node](https://docs.pingidentity.com/auth-node-ref/8/terms-and-conditions-decision.html) | ## Workflow module This module can be used to visually organize identity synchronization, reconciliation, and provisioning into repeatable processes with logging and auditing for reporting purposes. Required modules: Self-Service, Identity Lifecycle, and Relationship. | Feature | Description | Documentation | | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | BPMN 2.0 support | Standards-based Business Process Model and Notation 2.0 support. | [BPMN 2.0 and workflow tools](https://docs.pingidentity.com/pingidm/8/workflow-guide/about-workflow-tools.html) | | Flowable process engine | Lightweight workflow and business process management platform. | [Enable workflows](https://docs.pingidentity.com/pingidm/8/workflow-guide/enable-workflows.html) | | Workflow-driven provisioning | Define provisioning workflows for self-service, sunrise and sunset processes, approvals, escalations, and maintenance. | [Create workflows](https://docs.pingidentity.com/pingidm/8//workflow-guide/create-workflow.html), [Invoke workflows](https://docs.pingidentity.com/pingidm/8//workflow-guide/invoke-workflow.html) | ## Social Identity module With this module, you can allow users to register and authenticate with specified standards-compliant social identity providers. These users can also link multiple social identity providers to the same account, establishing a single consumer identity. With the attributes collected from each user profile, you can configure the module to authorize access to applications and resources, including lead generation tools. Required modules: Self-Service, Identity Lifecycle, Intelligent Access, and Relationship. | Feature | Description | Documentation | | -------------- | ------------------------------ | ------------------------------------------------------------------------------------------------------------- | | Authentication | Social registration and login. | [Social authentication](https://docs.pingidentity.com/pingam/8/authentication-guide/social-registration.html) | ## Identity Lifecycle and Relationship module This module can help you to provision user identities into PingIDM, and includes the capability to manage roles, relationships between identities, and entitlements. Required modules: none. | Feature | Description | Documentation | | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | | Inbound provisioning engine | Provisioning engine to import data from an external resource into PingIDM. | [Synchronization](https://docs.pingidentity.com/pingidm/8/synchronization-guide) | | Data modeling | Ability to map PingIDM objects to tables in a JDBC database or to organizational units in a PingDS repository. | [Object mappings](https://docs.pingidentity.com/pingidm/8/objects-guide/explicit-generic-mapping.html) | | Identity lifecycle management | An extensible object model that enables you to manage the complete lifecycle of identity objects. | [Managed objects](https://docs.pingidentity.com/pingidm/8/objects-guide/managed-objects.html) | | Identity relationship lifecycle management | Ability to create and track relationship references between objects. | [Relationships between objects](https://docs.pingidentity.com/pingidm/8/objects-guide/relationships.html) | | Role lifecycle management | Provisioning roles to control how objects are exported to external systems and authorization roles to control authorization within PingIDM. | [Roles](https://docs.pingidentity.com/pingidm/8/objects-guide/roles.html) | | Entitlement lifecycle management | Entitlements to provision attributes or sets of attributes, based on role membership. | [Use assignments to provision users](https://docs.pingidentity.com/pingidm/8/objects-guide/working-with-role-assignments.html) |