10th September 2015

How it works

MidPoint is a comprehensive system that internally implements advanced data synchronization algorithms. However, the basic principles of midPoint operation are surprisingly simple. Let’s explain them using the story of a new enterprise employee. When a company hires a new employee, the information about him, together with the contract details, is usually recorded in the HR system by the HR staff.

MidPoint scans the HR data for new records. When a new record is detected, midPoint pulls that record and evaluates it. The employee usually needs access to various systems and is also added to various access groups according to his job role, and so on. He normally needs an email account. MidPoint does the hard work: it evaluates the policies, rules and scripts, and computes what accounts each user should have according to his job roles. MidPoint also computes the list of groups that the user should belong to. As a result, in a couple of seconds all the accounts are automatically created and ready to be used by the new employee.

Provisioning user access on his first day is an unquestionable benefit. It saves a significant amount of time that is otherwise wasted waiting for access to the systems that the new employee needs. But there are even more important cases where midPoint helps. Changes in employee jobs, responsibilities and organizational assignments are much more frequent. This is a much harder process to automate, as the policies for reorganizations are less precise and there is a significant amount of ad-hoc decision making. However, midPoint can handle even that by using an automated workflow engine and processes based on request and approval of access rights.

MidPoint can automate all phases of the identity lifecycle, including the last one. Employees who leave the company must have all access rights to all systems completely revoked. This was traditionally a very demanding and error-prone task, which led to critical security vulnerabilities. MidPoint solves that by tracing all the accounts and access rights that are assigned to an employee over his entire lifecycle in the company. When the employee leaves, midPoint knows exactly what access rights to revoke. MidPoint does it reliably and instantly.


Advanced Identity Management

MidPoint can do much more than what we have described here. MidPoint can maintain security policies, it can support organizational audits, seamlessly synchronize hundreds of identity repositories, propagate data that are transformed on the way or in both directions at the same time and so on. MidPoint has a very advanced hybrid Role-Based Access Control (RBAC) mechanism. It has a very flexible organizational structure support. And midPoint goes beyond traditional identity management by supporting management of accounts, roles, groups as well as organizational units, tenants, services, projects, ad-hoc teams, devices – or anything else that is at least remotely related to the concept of “identity”.

MidPoint has a very unique place among Identity Management systems. MidPoint is a second-generation system. It was built on a green field with the specific purpose of improving on legacy first-generation IDM systems. And in this aspect midPoint exceeds all expectations. It is the most comprehensive open IDM system available on the market.

MidPoint is an open product distributed under the terms of a very liberal license. All midPoint engineers can see and understand the source code. Therefore even our partners can provide solutions with the same technical excellence that a core midPoint developer would provide. MidPoint code can be modified to fit perfectly to any company’s needs. Other vendors will void your support agreement if you modify product code, but we in fact encourage partners to contribute to midPoint’s core. MidPoint has a vibrant and very creative community. This allows midPoint to be the greatest open IDM product and to perpetually maintain that standard.

What next?

Have a look at midPoint yourself: we have prepared an on-line demo for you. You can also find interesting and more technical information on our wiki page. And if you wish to get some more information about pricing or support, feel free to contact us!

