Getting Started With OpenIDM

Whenever you need access to important information, administrators need to know who you are. They need to know your identity, which may be distributed in multiple accounts. As a user, you might have several accounts even within your own company, for functions such as:

  • Email

  • Human Resources

  • Payroll

  • Engineering, Support, Accounting, and other functions

Each of these accounts may be stored in different resources, such as Active Directory, OpenDJ, OpenLDAP, and more. Keeping track of user identities in each of these resources (also known as data stores) can get complex. OpenIDM simplifies the process, as it reconciles differences between resources.

With situational policies, OpenIDM can handle discrepancies such as a missing or updated address for a specific user. OpenIDM includes default but configurable policies to handle such conditions. In this way, OpenIDM ensures consistency and predictability in an otherwise chaotic resource environment.

OpenIDM can make it easier to track user identities across these resources. OpenIDM has a highly scalable, modular, readily deployable architecture that can help you manage workflows and user information.

What Can You Do With OpenIDM?

With OpenIDM, you can simplify the management of identity, as it can help you synchronize data across multiple resources. Each organization can maintain control of accounts within their respective domains.

OpenIDM works equally well with user, group, and device identities.

You can also configure workflows to help users manage how they sign up for accounts, as part of how OpenIDM manages the life cycle of users and their accounts.

You can manage employee identities as they move from job to job. You will make their lives easier as OpenIDM can automatically register user accounts on different systems. Later, OpenIDM will increase productivity when it reconciles information from different accounts, saving users the hassle of entering the same information on different systems.

What You Will See In This Document

In this guide, you will see how OpenIDM reconciles user data between two data stores. We will look at a department that is adding a third engineer, Jane Sanchez.

Your Human Resources department has updated their data store with Jane Sanchez’s information. You want to use OpenIDM to update the internal Engineering data store. But first, you have to start OpenIDM.

What You Need Before Starting OpenIDM

This section covers what you need to have on your system before running OpenIDM:

  • Operating System: Windows or UNIX/Linux.

  • Java: Java Runtime Environment (JRE) Standard Edition (Java SE) 7, update 6 or later, or Java 8. Alternatively, you can use the same version of the Java Development Kit (JDK). On Linux, you may also install the OpenJDK package native to your updated Linux distribution.

  • At least 250 MB of free disk space.

  • At least 1 GB of free RAM.

  • If your operating system includes a firewall, make sure that it allows traffic through (default) ports 8080 and 8443.

We provide this document, Getting Started with OpenIDM, for demonstration purposes only.

With this document, we want to make it as easy as possible to set up a demonstration of OpenIDM. To that end, we have written this document for installations on a desktop operating system, Microsoft Windows 7.

Java Environment

On Windows systems, after installing Java, set the JAVA_HOME environment variable. To do so on Windows 7, take the following steps:

  1. Locate your JRE or JDK installation directory. For a default installation of Java 8 on Windows 7, you should find the directory here: C:\Program Files\Java\jre-version.

  2. Select Start > Control Panel > System and Security > Advanced System Settings to open a System Properties window.

  3. Select Advanced > Environment Variables.

  4. Set the value of JAVA_HOME to match the JRE or JDK installation directory.

Downloading and Starting OpenIDM

This procedure assumes that you are downloading and starting OpenIDM as a regular (not administrative) user named user.

  1. Download enterprise software releases from the GitHub.

    For more information on the contents of the OpenIDM binary package, see "File Layout" in the Integrator’s Guide.

  2. Extract the contents of the OpenIDM binary file to your user’s Downloads directory. The process should unpack the contents of OpenIDM to the Downloads/openidm subdirectory.

  3. Navigate to the Downloads/openidm subdirectory:

    • In Microsoft Windows, use Windows Explorer to navigate to the C:\Users\user\Downloads\openidm directory.

      Double-click the getting-started(.bat) file. Do not select the getting-started.sh file, as that is intended for use on UNIX/Linux systems.

    • In Linux/UNIX, open a command-line interface and run the following commands:

      $ cd /home/user/Downloads/openidm
$ ./getting-started.sh

  4. When OpenIDM is ready, you will see the following message:

    -> OpenIDM ready

Once OpenIDM is ready, you can administer it from a web browser. To do so, navigate to http://localhost:8080/admin or https://localhost:8443/admin. If you have installed OpenIDM on a remote system, substitute that hostname or IP address for localhost.

gsg windows

We recommend that you connect to OpenIDM via the default secure port, 8443, and import a signed certificate into the OpenIDM truststore, as discussed in "Accessing the Security Management Service" in the Integrator’s Guide.

Until you install that certificate, you will see a warning in your browser at least the first time you access OpenIDM over a secure port.

The default username and password for the OpenIDM Administrator is openidm-admin and openidm-admin.

When you log into OpenIDM at a URL with the /admin endpoint, you are logging into the OpenIDM Administrative User Interface, also known as the Admin UI.

The default password for the OpenIDM administrative user, openidm-admin, is openidm-admin. To protect your deployment in production, change this password.

All users, including openidm-admin, can change their password through the Self-Service UI, at http://localhost:8080/ or https://localhost:8443/. Once logged in, click Profile > Password.

The Getting Started Data Files

In a production deployment, you are likely to see resources like Active Directory and OpenDJ. But the setup requirements for each are extensive, and beyond the scope of this document.

For simplicity, this guide uses two static files as data stores:

  • hr.csv represents the Human Resources data store. It is in CSV format, commonly used to share data between spreadsheet applications.

  • engineering.xml represents the Engineering data store. It is in XML format, a generic means for storing complex data that is commonly used over the Internet.

You can find these files in the OpenIDM binary package that you downloaded earlier, in the following subdirectory: openidm/samples/getting-started/data.