Getting Started
Whenever you need access to important information, administrators need to know who you are. They need to know your identity, which may be distributed in multiple accounts. As a user, you might have several accounts even within your own company, for functions such as:
- Human Resources
- Payroll
- Engineering, Support, Accounting, and other functions
Each of these accounts may be stored in different resources, such as Active Directory, OpenDJ, OpenLDAP, and more. Keeping track of user identities in each of these resources (also known as data stores) can get complex. OpenIDM simplifies the process, as it reconciles differences between resources.
With situational policies, OpenIDM can handle discrepancies such as a missing or updated address for a specific user. OpenIDM includes default but configurable policies to handle such conditions. In this way, OpenIDM ensures consistency and predictability in an otherwise chaotic resource environment.
OpenIDM can make it easier to track user identities across these resources. OpenIDM has a highly scalable, modular, readily deployable architecture that can help you manage workflows and user information.
With OpenIDM, you can simplify the management of identity, as it can help you synchronize data across multiple resources. Each organization can maintain control of accounts within their respective domains.
OpenIDM works equally well with user, group, and device identities.
You can also configure workflows to help users manage how they sign up for accounts, as part of how OpenIDM manages the life cycle of users and their accounts.
You can manage employee identities as they move from job to job. You will make their lives easier as OpenIDM can automatically register user accounts on different systems. Later, OpenIDM will increase productivity when it reconciles information from different accounts, saving users the hassle of entering the same information on different systems.
In this guide, you will see how OpenIDM reconciles user data between two data stores. We will look at a department that is adding a third engineer, Jane Sanchez. Your Human Resources department has updated their data store with Jane Sanchez's information. You want to use OpenIDM to update the internal Engineering data store. But first, you have to start OpenIDM.
This section covers what you need to have on your system before running OpenIDM:
-
Operating System:
- 'ubuntu-latest' (or other Linux-like OS)
- 'macos-latest'
- 'windows-latest'
-
Java JRE:
- '8'
- '11'
- '17'
- '21'
- At least 250 MB of free disk space.
- At least 1 GB of free RAM.
- If your operating system includes a firewall, make sure that it allows traffic through (default) ports 8080 and 8443.
We provide this document, Getting Started with OpenIDM, for demonstration purposes only.
With this document, we want to make it as easy as possible to set up a demonstration of OpenIDM. To that end, we have written this document for installations on a unix-like operating system.
For a list of software that we support in production, see OpenIDM on Docker.
Please check java version before standalone install
$ java -version
openjdk version "1.8.0_402"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_402-b06)
OpenJDK 64-Bit Server VM (Temurin)(build 25.402-b06, mixed mode)
or use OpenIDM on Docker
$ docker version
Client:
Cloud integration: v1.0.35+desktop.13
Version: 26.1.1
API version: 1.45
Go version: go1.21.9
Git commit: 4cf5afa
Built: Tue Apr 30 11:44:56 2024
OS/Arch: darwin/amd64
Context: desktop-linux
Server: Docker Desktop 4.30.0 (149282)
Engine:
Version: 26.1.1
API version: 1.45 (minimum version 1.24)
Go version: go1.21.9
Git commit: ac2de55
Built: Tue Apr 30 11:48:28 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
$ export VERSION=$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenIDM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4); echo "Last version: $VERSION"
Last version: 6.0.1
$ curl -L https://github.com/OpenIdentityPlatform/OpenIDM/releases/download/$VERSION/openidm-$VERSION.zip --output openidm.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 92.1M 100 92.1M 0 0 9421k 0 0:00:10 0:00:10 --:--:-- 9926k
$ unzip openidm.zip
Archive: openidm.zip
creating: openidm/
....
$ openidm/startup.sh -p samples/getting-started
Executing openidm/startup.sh...
Using OPENIDM_HOME: /tmp/openidm
Using PROJECT_HOME: /tmp/openidm/samples/getting-started
Using OPENIDM_OPTS: -Dlogback.configurationFile=conf/logging-config.groovy
Using LOGGING_CONFIG: -Djava.util.logging.config.file=/tmp/openidm/samples/getting-started/conf/logging.properties
Using boot properties at /tmp/openidm/samples/getting-started/conf/boot/boot.properties
-> OpenIDM version "6.0.1" (revision: 284a4) 2024-05-23T09:18:27Z master
OpenIDM ready
$ docker run -h idm-01.domain.com -p 8080:8080 -p 8443:8443 --name idm-01 openidentityplatform/openidm -p samples/getting-started
Unable to find image 'openidentityplatform/openidm:latest' locally
latest: Pulling from openidentityplatform/openidm
74ac377868f8: Already exists
a182a611d05b: Already exists
e58ce1bd2f23: Already exists
e1b7fbdee987: Already exists
4f4fb700ef54: Already exists
26716adeef7f: Pull complete
Digest: sha256:6a6df88ca40116de4bba7ddef126a214feee04e7161b0d6f39ff9c9f448cda94
Status: Downloaded newer image for openidentityplatform/openidm:latest
Executing /opt/openidm/startup.sh...
Using OPENIDM_HOME: /opt/openidm
Using PROJECT_HOME: /opt/openidm/samples/getting-started
Using OPENIDM_OPTS: -server -XX:+UseContainerSupport -Dlogback.configurationFile=conf/logging-config.groovy
Using LOGGING_CONFIG: -Djava.util.logging.config.file=/opt/openidm/samples/getting-started/conf/logging.properties
Using boot properties at /opt/openidm/samples/getting-started/conf/boot/boot.properties
ShellTUI: No standard input...exiting.
OpenIDM version "6.0.1" (revision: 284a4) 2024-05-23T09:18:27Z master
OpenIDM ready
Once OpenIDM is ready, you can administer it from a web browser. To do so, navigate to http://localhost:8080/admin or https://localhost:8443/admin. If you have installed OpenIDM on a remote system, substitute that hostname or IP address for localhost.
The default username and password for the OpenIDM Administrator is openidm-admin and openidm-admin (change this password). When you log into OpenIDM at a URL with the /admin endpoint, you are logging into the OpenIDM Administrative User Interface, also known as the Admin UI.
All users, including openidm-admin, can change their password through the Self-Service UI, at http://localhost:8080/ or https://localhost:8443/. Once logged in, click Profile > Password.
In a production deployment, you are likely to see resources like Active Directory and OpenDJ. But the setup requirements for each are extensive, and beyond the scope of this document.
For simplicity, this guide uses two static files as data stores:
- samples/getting-started/data/hr.csv represents the Human Resources data store. It is in CSV format, commonly used to share data between spreadsheet applications.
- samples/getting-started/data/engineering.csv represents the Engineering data store. It is in CSV format, a generic means for storing complex data that is commonly used to share data between spreadsheet applications.
You can find these files in the OpenIDM binary package that you downloaded earlier, in the following subdirectory: samples/getting-started.
Now that you have installed OpenIDM with a Getting Started configuration, you will learn how OpenIDM reconciles information between two data stores.
While the reconciliation demonstrated in this guide uses two simplified data files, you can set up the same operations at an enterprise level on a variety of resources.
Return to the situation described earlier, where you have Jane Sanchez joining the engineering department. The following illustration depicts what OpenIDM has to do to reconcile the differences.
OpenIDM enables you to consolidate multiple identity sources for policy and workflow-based management. OpenIDM can consume, transform and feed data to external sources so that you maintain control over the identities of users, devices and other objects.
OpenIDM provides a modern UI experience that allows you to manage your data without writing a single line of code. The standard RESTful interfaces also offer ultimate flexibility so that you can customize and develop the product to fit the requirements of your deployment.