Software: Synchronizes databases so roles and authorizations are up to date
MidPoint is an open source identity management and identity governance solution developed by Evolveum. Core features include creating and managing groups, organizational units, and user accounts. MidPoint is designed to help build a unified identity layer on top of your existing infrastructure.
MidPoint is used in the InCommon Trusted Access Platform architecture as the registry that creates and manages unique institutional identities and for provisioning/de-provisioning of users and their authorization to applications.
The InCommon Trusted Access Platform architecture recommends midPoint as an entity registry for holding unique institutional identities and their associated attributes. It also has a powerful provisioning engine with a universal connector framework, reducing the time needed to integrate with applications. Connectors are available for many services and applications, such as Active Directory, SQL databases, or cloud services like GSuite or Microsoft 365. The platform includes a packaged version of midPoint integrated with the rest of the components to ease the deployment and management of the entire suite.
midPoint also:
- Offers identity management process automation. It supports delegation of privileges and has a built-in engine that enables self-service for access requests enhanced with a configurable approval process.
- Supports academic identity federation use-cases. It can provide data to identity provider software, and midPoint itself supports sign-in using the SAML2 protocol.
- Manages identity-related parts of the enterprise organizational security policy. midPoint can check password quality, maintain segregation of duties, etc.
- Uses role-based access control (RBAC). midPoint automatically computes each user's privileges from their membership in roles. The midPoint RBAC model is one of the most powerful models in the entire IdM field.
- Manages organizational structure and its synchronization to other systems.
- Enables seamless management of guest accounts.
- Can track different relations of users with the organization or its units (student, teacher, employee, or any simultaneous combination).
- Supports security auditing and reporting: midPoint keeps an audit trail of all user privilege changes. It has a built-in reporting engine to generate reports for identities collected from all of the connected systems.
- Provides non-intrusive integration using identity connectors. midPoint connectors are simple pieces of code that allow it to connect remotely to other systems and manage identity data. The connectors are non-intrusive: the connected system does not need to be changed.
- Manages complex policies that govern the business aspect of identity management.
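The RBAC and segregation-of-duties points above can be illustrated with a small model of how privileges are derived from role membership. The following is an added example written for this page; it is not midPoint's code and does not use midPoint's APIs. It assumes a simplified model in which a role carries a set of authorizations and may bring along ("induce") other roles, and it uses constructed role names, authorization strings and user assignments.

```python
"""Simplified RBAC evaluation: role hierarchy plus a segregation-of-duties check.

Added illustration, not midPoint's own code. Role and authorization names are
constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    # Authorizations granted directly by this role.
    authorizations: frozenset[str] = frozenset()
    # Roles that membership in this role brings along (a role hierarchy).
    induced_roles: frozenset[str] = frozenset()


# Constructed role catalogue for the example.
ROLES: dict[str, Role] = {
    "Employee": Role("Employee", frozenset({"mail:read-own", "hr-portal:login"})),
    "Teacher": Role("Teacher", frozenset({"lms:grade"}), frozenset({"Employee"})),
    "Student": Role("Student", frozenset({"lms:submit"})),
    "Payment Requester": Role("Payment Requester", frozenset({"finance:request"}),
                              frozenset({"Employee"})),
    "Payment Approver": Role("Payment Approver", frozenset({"finance:approve"}),
                             frozenset({"Employee"})),
}

# Constructed segregation-of-duties rule: nobody may hold both roles at once.
SOD_EXCLUSIONS: set[frozenset[str]] = {
    frozenset({"Payment Requester", "Payment Approver"}),
}


def effective_roles(roles: dict[str, Role], assigned: set[str]) -> set[str]:
    """Close the assigned roles over the induced-role relation (cycle-safe)."""
    result: set[str] = set()
    todo = list(assigned)
    while todo:
        name = todo.pop()
        if name in result:
            continue  # already visited; also guards against cyclic hierarchies
        if name not in roles:
            raise KeyError(f"unknown role: {name}")
        result.add(name)
        todo.extend(roles[name].induced_roles)
    return result


def effective_authorizations(roles: dict[str, Role], assigned: set[str]) -> set[str]:
    """Union of the authorizations of every effective role."""
    auths: set[str] = set()
    for name in effective_roles(roles, assigned):
        auths |= roles[name].authorizations
    return auths


def sod_violations(effective: set[str],
                   exclusions: set[frozenset[str]]) -> list[frozenset[str]]:
    """Return every exclusion pair that is fully contained in the effective roles."""
    return [pair for pair in exclusions if pair <= effective]


def evaluate_user(assigned: set[str]) -> dict:
    """Compute what a user would be entitled to, and flag policy violations."""
    roles = effective_roles(ROLES, assigned)
    return {
        "roles": roles,
        "authorizations": effective_authorizations(ROLES, assigned),
        "violations": sod_violations(roles, SOD_EXCLUSIONS),
    }


if __name__ == "__main__":
    # A person who is simultaneously a teacher and a student (constructed case).
    print(evaluate_user({"Teacher", "Student"}))
    # A conflicting assignment that a policy check should reject (constructed case).
    print(evaluate_user({"Payment Requester", "Payment Approver"}))
```

Privileges are never stored per user here; they are recomputed from the current role assignments, which is what keeps authorizations consistent when a role definition changes. The violation list is the point at which a real system would block the assignment or route it to an approver.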