didmos is the powerful software for Identity & Access Management from DAASI International. It consists of six expandable open source modules which can be individually adapted to your infrastructure.
didmos – The IAM Software Suite
Everytime an organisation decides to establish an Identity & Access Management system, similar questions arise:
- How should data exchange operate among the different systems (data models, interfaces, access information etc.)?
- How can internal permissions be represented in the best way?
- How can specific organisational procedures (administration processes, self-service functions for users etc.) be modelled optimally?
Although these questions are similar in each organisation, their answers are always different and depend on the specific requirements and structures of the respective organisation. That is why proprietary standard software is often an unsatisfactory solution.
Modules for more flexibility
In contrast to a constrained standard solution, didmos is highly flexible, as it consists of six adjustable modules.
All modules are well coordinated with each other; together they form a flexible, broad and comprehensive Identity & Access Management system, that can be adapted to individual requirements and desires. Additionally, didmos provides ideal conditions to be integrated into your existing IT landscape through high standards compliance and and a strong focus on expandability.
In summary, didmos is not a proprietary standard software, but an individual and lasting all-in-one solution that adapts to all conditions and requirements with the help of its module structure.
The LDAP user interface, or LUI in short, forms the core of didmos and consists of three elements: a front-end component for administering users or for their self-administration, a backend for business logic and workflow engine, and a metadirectory as persistence layer. The workflow engine can, for instance, illustrate approval processes.
The LUI back-end allows for an endless range of possibilities to add different modules, e.g. the Decision Point or other user-specific modules with their own API. As it is compliant with the international standard SCIM-v2 for the distribution of identities within a cloud, LUI is universally applicable. As this module is completely customisable, even your corporate design can be included.
Within the didmos framework, the authenticator is a universally applicable authentication tool. It can even work for all kinds of other applications. The modular structure, which makes the Authenticator highly flexible, allows for the it to be deployed in any SSO environment. The implementation of the SAML and OpenID Connect protocols enables users to login with either internal or external accounts, using i.e. social login via Facebook, Twitter, etc. This way users only need one account instead of setting up one account for each service they wish to use. The possibility to include the open source software PrivacyIDEA by our partner NetKnights, ensures maximum data security with multi-factor authentication.
Pwd Synchroniser allows the event-based synchronisation of passwords from an Active Directory domain controller to other directories, such as OpenLDAP. The simple installation as a Windows service, the encrypted caching on the domain controller as well as the recording of the synchronisation processes make Pwd Synchroniser an effective module for the integration of Active Directory.
ETL Flow stands for extract, transform, load, workflow; accordingly it extracts data from different sources, such as ERP-, SAP-, XML-, or SQL databases to synchronize them in a central metadirectory. The crucial processes are identifying data based on weighted attributes (duplicate detection), merging data into one coherent data set based on automatically generated attributes (data harmonisation) as well as automated group formation.
Provisioner can transfer identity information into connected target systems in real time. Relevant changes are written as a JSON document into the queuing system RabbitMQ, from there a dedicated worker picks them up to install the changes in the target system. In order to do this, the worker relies on an ICF connector framework which allows the use of different interfaces, i.e. SOAP, REST, LDAP or SQL; or even individual connectors to integrate proprietary systems.
didmos Core is at heart of the didmos suite. It contains several functions for the administration of access control and objects (i.e. users and groups). All of the functions use REST webservices to operate, these include creating, deleting, and changing objects. Didmos Core was written in Python. It deploys the pertinent standard SCIM-v2 and can even define individual endpoints if a certain function is not set up by default in SCIM.
Didmos Core was developed based on flexibility and extensibility. It is highly adaptable to meet any possible requirement. In case of particularly specific requirements, it is possible to implement completely new generic functions. This way, developers are always able to accommodate individual needs. Developers can rely on fully tested components to minimise the risk of errors. Lastly, didmos Core also allows for the integration of customised applications with their own respective webservice interfaces to realise various specialised functions.
didmos is based on the latest open source technology and meets all the requirements for building a high-performance IAM system. In order to guarantee this quality in the future and to meet the individual requirements of innovative organisations, DAASI International is constantly developing didmos further.
If you would like to find out more about the features we are currently developing or which additional features are planned, you can access the actual roadmap in our public Wiki.
Over the past years, didmos has grown tremendously. New modules and features have transformed the framework into a multifunctioncal and complex IAM suite.
The public DAASI International Wiki provides in their documentation a comprehensive guide and assistance for your IAM project.
didmos – Try Now!
- OpenLDAP-Server – The persistence layer of identity management in didmos
- didmos Core – Implementation of essential processes
didmos Core, espacially SCIM-v2, is operable via a REST-Interface and directs the right management (of build-in RBAC-compatible Policy Decision Point) and also the storage of LDAP-servers.
- didmos Authenticator – Authentication and access management
- didmos LUI – A self-service interface, which, with the appropriate role membership, can be used as an admin tool
- didmos Provisioner – Provisioning of data in favor of arbitrary target systems
- An Active Directory as an example of a provisioned system
Configurated Features so Far
Selfservice / Authenticator
- LDAP Login: login with LDAP password
- Social Login: login with social account (i.e. Google)
- New Account: Creating a new account, including acceptance of terms and conditions or else, email verification, and password strength review
- My Data: Displaying and changing separate files
For example, name and surname as boxes with just one value, telephone number with any values and unchangeable username and email address. It is possible to configure any arbitrary attribute. Additionally, all group and role memberships are displayed
- Change Password: Option to change the password
- Request Admin Access: Requesting the role “admin”. A request will be issued in the admin-portal, which can be accepted or declined by an officiate admin
- My History: Logs and displays all changes of user attributes within your account including information about who they were implemented by
- Delete Account: Option to delete the account
- Themes: Configure individual designs via Themes. (Selected theme within the demo will not be saved, but can be implemented if desired)
- Logout: Log out of the account
- Self-service: Starts the workflow to retrieve a lost password
- User-login with equal instance: superadmin, Password: secret (who has the declared role of superadmin)
- Userlist : List of all saved users with the options to create new user, select users to change their information, deactivate or delete an account. Here, a new user can be registered in existing groups
- Grouplist: List of all groups with the option to create new groups and edit existing groups. In addition to this option, it is possible to add new members, delete existing members, or to examine certain user records
- Role Requests: Edit requests with admin rights
This infrastructure will be gradually expanded by:
- additional functionalities within the interface
- additional source as well as target systems
didmos is like modular system designed for flexible functionalities. This demo is a specific configuration of many different possible versions. Due to the set-up of didmos, nearly everything, especially in terms of design, can be realised entirely customised to meet your requirements.