What Is Identity Lifecycle Management?
Every organization needs to create and update accounts across applications and IT infrastructure – both on premises and in the cloud – when users are onboarded or roles and responsibilities change. Manually updating user accounts and access is repetitive, time-consuming, and can result in human error. This can significantly impact an organization’s security and the time it takes to onboard a new user.
It is critical to properly manage the roles and responsibilities assigned to users, devices, or objects to ensure that they are consistent with your organization's business policies. The practice of managing roles based on structure (function, title, and geographic location) and assigning and removing rights and resources quickly and systematically is known as user or account provisioning.
Identity Provisioning solutions automate this process, eliminating error-prone manual processes and providing a consistent and efficient way to create, modify, and remove user accounts.
Connecting to Multiple Downstream Systems and Applications
ForgeRock Identity Management leverages the standards-based Identity Connector Framework (ICF) to connect to multiple downstream systems and applications. Using a simple configuration, you can create, modify, and delete user accounts across a wide variety of systems and applications. These include Microsoft Active Directory, Microsoft Office 365, SAP, Salesforce and Marketo. (See the complete list of supported connectors and download links below.)
ForgeRock Identity Management comes with a variety of generic connectors that enable you to manage accounts in targets that support common standards, including LDAP, SQL, REST, and SCIM. Generic connectors enable you to provision users to any homegrown or commercial off-the-shelf (COTS) applications that leverage a database or LDAP server as a backend repository.
The ICF standards specification can be found here.
ICF Connectors provide:
- The flexibility required for massively scalable provisioning, while retaining the resiliency and choice of underlying legacy and modern systems and applications
- Instant, turnkey activation that allows connectors to be deployed easily, with no production downtime required to restart services
- An extensive object-based model with the flexibility to define different schemas, objects, attributes, and relationships that meet a variety of needs
- A modular, extensible, and independent approach by design from the core provisioning engine. This allows you to dynamically update services and upgrade connectors without reconfiguring or restarting
- Scriptable, enabling connections to bespoke APIs for data collection and bi-directional syncing. This offers exceptional flexibility to integrate, collect, and synchronize data from many different sources
If you need to build a custom connector to homegrown or custom applications that do not have standard connectors, ForgeRock provides a detailed developer guide with step-by-step instructions.