didmos is the powerful Identity & Access Management software suite from DAASI International, consisting of six expandable open source modules.
didmos – The IAM software suite
Everytime an organization decides to establish an Identity & Access Management system, similar questions arise:
- How should data exchange operate among the different systems (data models, interfaces, access information etc.)?
- How can internal permissions be represented in the best way?
- How can specific organizational procedures (administration processes, self-service functions for users etc.) be modelled optimally?
Although these questions are similar in each organization, their answers are always different and depend on the specific requirements and structures of the respective organization. That is why proprietary standard software is often an unsatisfactory solution.
Modules for more flexibility
In contrast to a rigid standard solution, didmos is flexible, as it consists of six adjustable modules.
All modules are dovetailed and together they form a flexible, broad and profound Identity & Access Management system, that can be adapted to individual requirements and desires. Additionally, didmos provides ideal conditions to be integrated into your existing IT landscape through high standards compliance and and a strong focus on expandability.
In summary, didmos is not a proprietary standard software, but an individual and lasting all-in-one solution that adapts to all conditions and requirements with the help of its module structure.
ETL Flow stands for extract, transform, load, workflow; accordingly it extracts data from different sources, such as ERP-, SAP-, XML-, or SQL databases to synchronize them in a central metadirectory. The crucial processes are identifying data based on weighted attributes (duplicate detection), merging data into one coherent data set based on automatically generated attributes (data harmonization) as well as automated group formation.
Pwd Synchronizer allows the event-based synchronization of passwords from an Active Directory domain controller to other directories, such as OpenLDAP. The simple installation as a Windows service, the encrypted caching on the domain controller as well as the recording of the synchronization processes make Pwd Synchronizer an effective module for the integration of Active Directory.
The LDAP user interface, or LUI in short, forms the core of didmos and consists of three elements: a frontend component for administering users or for their self-administration, a backend for business logic and workflow engine, and a metadirectory as persistence layer. The workflow engine can, for instance, illustrate approval processes.
The LUI back-end allows for an endless range of possibilities to add different modules, e.g. the Decision Point or other user-specific modules with their own API. As it is compliant with the international standard SCIMv2 for the distribution of identities within a cloud, LUI is universally applicable. As this module is completely customisable, even your corporate design can be included.
Provisioner can transfer identity information into connected target systems in real time. Relevant changes are written as a JSON document into the queuing system RabbitMQ, from there a dedicated worker picks them up to install the changes in the target system. In order to do this, the worker relies on an ICF connector framework which allows the use of different interfaces, i.e. SOAP, REST, LDAP or SQL; or even individual connectors to integrate proprietary systems.
The didmos Decision Point is an implementation of the Role Based Access Control standard. It manages access rights based on role memberships. Within didmos it is used for access control, i.e. in LUI where it ensures users can only see and use menu options that their respective role within the system calls for. As the Decision Point has its own REST-API, it can be connected to any proprietary system. This way access control is centralised and the respective roles do not need to be defined individually for each application. The didmos Decision Point has already been successfully used for access control within research infrastructures.
Within the didmos framework, the authenticator is a universally applicable authentication tool. It can even work for all kinds of other applications. The modular structure, which makes the Authenticator highly flexible, allows for the it to be deployed in any SSO environment. The implementation of the SAML and OpenID Connect protocols enables users to login with either internal or external accounts, using i.e. social login via Facebook, Twitter, etc. This way users only need one account instead of setting up one account for each service they wish to use. The possibility to include the open source software PrivacyIDEA by our partner NetKnights, ensures maximum data security with multi-factor authentication.