A Peek Inside OpenIAM’s Identity Access Management Model
OpenIAM is now relied on by large corporations with thousands of employees and smaller businesses. The OpenIAM platform consists of Workforce Identity, which helps manage identities for employees and contractors, whereas Customer Identity is used to manage identities of customers, partners, and vendors. Customers come from various industries, including government, banking, telecom, education, healthcare, manufacturing, media, and retail. Organizations deploying the Workforce identity vary in size from a few hundred users to over 100,000.
Organizations deploying the customer identity platform are, in some cases, using it to support tens of millions of users.
OpenIAM is now a well-established enterprise specializing in a complete roster of identity access, authorization, access management and cloud security solutions. Some vendors, such as Micro Focus, IBM and Oracle, offered full stacks, but their solutions were difficult to implement because they relied on proprietary integration methods and demanded in-depth knowledge of the individual products.
First, an open, easy-to-deploy, unified IAM platform was developed with two goals: to facilitate integration with widely-used protocols and to reduce the need for proprietary technology.
OpenIAM’s unified Identity and Access Management platform includes identity governance, web access management, multi-factor authentication (MFA), Customer IAM, and Privileged Identity. Gartner terms this a converged architecture because the products share common components.
Separation of Duties has been introduced into the Workforce Identity platform. Customers can define the conditions that constitute toxic access, and OpenIAM will monitor areas such as access certifications, access requests, and administrative tasks to detect policy violations and then notify the appropriate user.
In this update, the company has implemented a password-less authentication system. In addition, OpenIAM has a mobile app that allows users to log in with push notifications and biometrics.
By implementing the privileged identity functionality, it is possible to record all operations performed by an admin on a Windows or Linux server. These sessions can be played back later.
Thanks to the new descriptive analytics in the dashboard, authentication activity, inactive accounts, orphaned accounts, and recently discovered privileged accounts can be viewed in one convenient location.
Additionally, OpenIAM Identity Governance’s automated provisioning features allow businesses to provide new hires with a good onboarding experience more easily and reliably. An HR system is one example of an authoritative source that can be integrated with OpenIAM to monitor personnel changes like hiring, promotions, and layoffs. The business rules engine can process data from the source about employees to establish entitlements at birth. The integration connectors are notified of the new hire’s start date and given the necessary access information to provision the new account.
Automation reduces the workload of IT personnel and service teams, which improves efficiency and lowers operating costs.
Performing the steps described above manually is error-prone and inconsistent from user to user. Detailed audit logs of all automated operations and access requests, by contrast, provide traceability into how and why users have the access they have.
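The two mechanisms described above, birthright entitlements derived from an HR record by business rules and Separation of Duties checks on toxic access combinations, are shown together in the following added example. It is illustrative code written for this article, not OpenIAM's own code; the HR attributes, entitlement names, rules and audit format are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed SoD policy: each toxic combination is a set of entitlements that
# one identity must never hold at the same time (names are illustrative).
TOXIC_COMBINATIONS = {
    "create-and-approve-payments": frozenset({"ap:create-invoice", "ap:approve-payment"}),
    "admin-and-audit": frozenset({"iam:admin", "iam:audit-reviewer"}),
}

# Constructed birthright rules: if every condition matches the HR record,
# the listed entitlements are granted at onboarding.
BIRTHRIGHT_RULES = [
    ({"employee_type": "employee"}, {"email", "vpn"}),
    ({"department": "finance"}, {"ap:create-invoice"}),
    ({"department": "finance", "job_title": "controller"}, {"ap:approve-payment"}),
]

AUDIT_LOG = []  # constructed stand-in for the audit trail the text mentions

@dataclass
class Identity:
    user_id: str
    hr_attrs: dict
    entitlements: set = field(default_factory=set)

def birthright_entitlements(hr_attrs):
    """Union the grants of every rule whose conditions all match the HR record."""
    granted = set()
    for conditions, grants in BIRTHRIGHT_RULES:
        if all(hr_attrs.get(k) == v for k, v in conditions.items()):
            granted |= grants
    return granted

def sod_violations(entitlements):
    """Names of toxic combinations that are fully present in the entitlement set."""
    return sorted(name for name, combo in TOXIC_COMBINATIONS.items() if combo <= entitlements)

def onboard(hr_record):
    """Detective check: derive birthright access, then flag any SoD conflict at birth."""
    ident = Identity(hr_record["user_id"], hr_record, birthright_entitlements(hr_record))
    violations = sod_violations(ident.entitlements)
    AUDIT_LOG.append({"event": "onboard", "user": ident.user_id,
                      "granted": sorted(ident.entitlements), "sod_violations": violations})
    return ident, violations

def evaluate_request(identity, requested):
    """Preventive check: would granting the request complete a toxic combination?"""
    violations = sod_violations(identity.entitlements | {requested})
    AUDIT_LOG.append({"event": "access_request", "user": identity.user_id,
                      "requested": requested, "decision": "deny" if violations else "allow"})
    return violations
```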
Case Study: OpenIAM’s benchmark in healthcare
The cost of health care in the United States and Canada is steadily rising. A DI-r (Diagnostic Imaging Repository) is a cost-cutting tool for physicians who order multiple tests. Patients’ diagnostic imaging results, such as CT scans, ultrasounds, MRIs, and x-rays, are made available to clinicians through a shared regional DI-r.
One of Canada’s most prominent Tier-1 systems integrators was hired by a group of more than 20 Canadian hospitals to provide a complete DI-r solution. To accomplish the goals, a combination of components from various vendors was employed.
OpenIAM was chosen to provide the Identity and Access Management component of this solution. The solution draws on data from a variety of sources, such as the Active Directory domains or CSV files supplied by each institution. Identity Manager’s synchronization engine was configured to support these multiple sources, and business rules were defined to process the source data, associate users with the appropriate business roles, and then drive provisioning into the various target systems.
System administrators at the service provider were granted access to the solution in multi-tenant mode, whereas hospital staff were granted access only to their own institution.