10th September 2015

midPoint: the Identity Governance and Administration tool

Nowadays companies grow fast and therefore the need to provide businesses with the capability to work effectively in complex technical environments is strong. When dealing with managing identities, simplifying and automating internal processes while keeping a high level of security is essential. The solution we offer you is an Identity Governance and Administration (IGA) tool, simply called midPoint.

MidPoint is the most comprehensive open Identity Management system currently available on the market. It is the basic building block of a complete Identity and Access Management solution. As an IGA tool, midPoint will help you solve problems in all three of these areas: Identity Provisioning, Identity Governance & Compliance, and Access Management. In combination with cloud solutions, it will help you with Identity Management in any cloud and centralize the usage. Because identity is the new security perimeter, midPoint will ensure the security of your internal network and company resources. MidPoint is equipped with various features, of which we picked the 6 most significant:

01 Identity Governance

Lowers the risk and threats by giving you the possibility to determine and control how identity information is used, stored and shared.

02 Audit

A feedback mechanism to verify important actions in the system, for example whether users got access to the correct systems.

03 Organizational structure

MidPoint has implemented a very flexible organizational structure model. It supports not only hierarchical organizational trees, but can accommodate even other organization structure types.

04 Credential Management

Gives your authorised internal and external users secure access to certain passwords. Generate strong unique passwords for users as well as resources.

05 Workflow

MidPoint is able to postpone selected actions (for example, role assignment) until they are approved by appropriate authority or authorities.

06 Entitlement Management

Specify the resources your users are allowed to access. Assign users some roles and manage them as groups, projects, units or any other forms suitable for you.

01 Identity Governance

MidPoint provides an option to define, enforce, audit and review policies responsible for the exchange of information between internal systems as well as the external ones. MidPoint covers whole enterprise user lifecycle management. It manages policies, access rights and privileges that each individual user has. MidPoint makes sure that all privileges are aligned with the policies. It supports regular access reviews (certifications) of various settings like assignment of roles to users as well as audits. These possibilities eliminate the impact of risk on business performance and they keep the security on a high level.

02 Audit

Thanks to this feature, you can record the most important interactions in the system in a computer-processable form. The goal of auditing is to record the interactions on the “business” level, essentially recording who requests access, why requests are granted or denied, and who approves them. The audit record has to be machine-processable. It should eventually be possible to reconstruct a partial historical state of the system from the audit records by “going back in time”. The auditing subsystem in midPoint is designed to be pluggable. There are currently two auditing implementations: auditing to log files and to a database table.

03 Organizational structure

MidPoint allows you to arrange your organization into an organizational structure and manage it. An organizational structure can be composed of objects (orgs) like divisions, departments, workgroups, projects, teams, domains, or similar organizational division units. There are no limitations: the objects can have one or more parents and there can even be multiple structures. Organizational structure is usually related to the role structure, where all users belonging to a specific department have the same role. To implement this arrangement, midPoint uses a powerful mechanism: every object is also a role at the same time. If this object has an inducement, for instance if a user is assigned to such an object, it behaves as a role and automatically computes and executes all the construction elements that the inducement leads to.


An example of the multiple organizational structure where a user is assigned to two structures.

04 Credential Management

With this feature, you can compose strong and unique passwords for both users and resources and also take care of them during their whole life cycle. MidPoint validates the passwords and generates them according to specific policies. You can decide what characters are allowed in the password, how many times they can repeat, how many are required and how they are positioned. You can also specify the minimal and maximal length of the password as well as the minimal number of unique characters used in it. To make the password policy even more complex, you can split the character set into uppercase letters, lowercase letters, digits and special characters. You don’t want some characters to be used in the passwords? Simply disallow them and your problem is solved.
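The kind of policy described above, sketched as an added Python example; this is not midPoint's code or configuration schema, and the `POLICY` layout, the limits in it and the function names `violations` and `generate` are assumptions made for illustration.

```python
import secrets
import string

# Hypothetical policy layout (not midPoint's schema): class -> (chars, min, max).
POLICY = {
    "min_length": 12,
    "max_length": 16,
    "min_unique": 8,
    "disallowed": set("0O1lI"),  # look-alike characters banned outright
    "first_class": "lower",      # positional rule for the first character
    "classes": {
        "upper": (string.ascii_uppercase, 2, 6),
        "lower": (string.ascii_lowercase, 2, 10),
        "digit": (string.digits, 2, 4),
        "special": ("!#$%&*+-=?@", 1, 3),
    },
}


def violations(password, policy=POLICY):
    """Return the list of rules the password breaks (empty list = valid)."""
    found = []
    if not policy["min_length"] <= len(password) <= policy["max_length"]:
        found.append("length")
    if len(set(password)) < policy["min_unique"]:
        found.append("unique characters")
    allowed = set("".join(c for c, _, _ in policy["classes"].values()))
    if set(password) - (allowed - policy["disallowed"]):
        found.append("character not allowed")
    for name, (chars, low, high) in policy["classes"].items():
        count = sum(ch in chars for ch in password)
        if not low <= count <= high:
            found.append(f"{name} count")
    if password[:1] not in set(policy["classes"][policy["first_class"]][0]):
        found.append("first character")
    return found


def generate(policy=POLICY, attempts=10000):
    """Rejection-sample from a CSPRNG until a candidate satisfies the policy."""
    pool = sorted(set("".join(c for c, _, _ in policy["classes"].values()))
                  - policy["disallowed"])
    low, high = policy["min_length"], policy["max_length"]
    for _ in range(attempts):
        length = low + secrets.randbelow(high - low + 1)
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if not violations(candidate, policy):
            return candidate
    raise RuntimeError("policy too strict for rejection sampling")
```

Running the same `violations` check on both user-chosen and generated passwords keeps validation and generation from drifting apart when the policy changes.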

05 Workflow

This process is a set of specific steps thanks to which a user gets access or the information after it is passed from one participant to another and is approved. The workflow actions consist of creation, update, enabling, disabling or deletion. The approval process may involve multiple approvers, in many arrangements. Within the process, not only concrete persons might be engaged, but also organization units or roles.

06 Entitlement Management

Entitlement Management is used for granting, resolving or enforcing entitlements. MidPoint will help you bring order to users, roles and resources, and increase your security level. A user is assigned to one or more roles and entitled to specific resources. Entitlement Management determines what specific users are allowed to do once they enter the application or network. With a centralized access policy, when the policy is entered or updated, all applications automatically receive the new or updated rule.

Who is midPoint suitable for?

MidPoint is suitable for a broad spectrum of deployments. MidPoint brings an unprecedented combination of flexibility and cost efficiency, so almost any organization can benefit from a midPoint deployment. Here are some examples:

Manufacturing companies

Businesses that need to manage large supplier or partner networks as well as a large number of customer records and contacts. MidPoint will seamlessly synchronize your records between internal and external systems and will improve user experience. MidPoint also manages physical access for your employees to move between working places, buildings, areas, etc.

Financial organizations

Organizations with strict security requirements. MidPoint centralizes the policy management, provides implementation of Role-Based Access Control (RBAC), Segregation of Duties (SoD), delegated administration and fine-grained authorization mechanism. It also provides support for reliable and efficient auditing as well as other state-of-the-art features.

Educational organizations

Universities or other organizations that need to manage records of professors, students, alumni, volunteers or similar identity types. MidPoint’s open source character provides both the technological background and the business model that allow management of a vast number of identities while still keeping the total cost of the solution reasonable.

Other enterprises

Enterprises that need to manage employee identities, organizational structure, employee roles, temporary workforce, agents, partners and similar types of identity records. MidPoint automates and streamlines the business processes, synchronizes several identity repositories and reduces the call center workload by implementing user self-service.

What next?

Try the demo to see how midPoint works. Do you wish to get some more information about midPoint, its usage, support or price list? Click on the button below to contact us.
