Open-source IdM midPoint
Czech Trade Inspection (Česká obchodní inspekce)
For our customer, the Czech Trade Inspection (CTI), we carried out a project deploying the open-source Identity Management (IdM) product midPoint by Evolveum. A total of 6 applications were connected to IdM, managing approximately 500 users and roughly the same number of roles.
The aim of the project was to replace manual account management in central applications, simplify user lifecycle processes and automate processes to ensure compliance with the Cybersecurity Act.
Evolveum's midPoint Identity Manager won the tender. The product either offered all of the required functionality out of the box or allowed it to be implemented in a documented and officially supported way.
midPoint is offered as open source, so it can be downloaded from the company's website free of charge and without any registration. Judging by the high activity on the product forums, midPoint is widely used and the development team keeps adding new functionality. According to feedback from its users, midPoint is a very popular identity management tool that is deployed in both commercial companies and universities.
The project was implemented and managed by AMI Praha specialists. For some applications exposing web services APIs, the corresponding connectors were programmed for IdM; for the HR, Active Directory and Exchange applications, the connectors supplied with the midPoint product were used.
The CTI uses a variety of applications, mainly Active Directory with Exchange as the main directory, OKbase by OKsystem as the source of data on employees, temporary workers, freelancers, workplaces and organizational structure, Ginis by Gordic, Mercurius by Inisoft s.r.o. and EIS Jasu by MÚZO Praha.
From a technological point of view, it was therefore necessary to connect the following systems:
- Workers registered in OKbase
- Organizational structure in OKbase
- Workplaces in OKbase
- Users and groups in Active Directory
- Mailboxes in Exchange
- Users and roles in Ginis
- Users and roles in EIS Jasu
- Users and roles in Mercurius
The OKbase, Active Directory and Exchange applications were connected to IdM using the standard connectors supplied directly by the IdM vendor.
Custom connectors were developed to connect the Ginis, EIS Jasu and Mercurius applications to IdM. These connectors communicate with the applications' web services APIs using SOAP.
Synchronization jobs defined in IdM retrieve the source information about users, organizational structure and jobs from OKbase at hourly intervals. Based on the business processes and requirements defined by the CTI, IdM processes the data and sends the resulting changes to the target applications. The administrators of the individual applications are automatically informed by email about important changes.