Samples provided with IDM

The Getting Started sample shows you how to install and evaluate a basic use case in an IDM deployment.

In addition to the samples listed here, IDM provides example configuration and data files that you can use to set up your own project. These files are in the samples/example-configurations directory. Each file in this directory is documented in the section that corresponds to the purpose of the file. For example, the conf/external.email.json file is described in Outbound email.

The sync-with-csv sample demonstrates one-way synchronization from an external resource to an IDM repository. The external resource in this case is a simple CSV file. User objects in that file are synchronized with the managed users in the IDM repository.

The sync-with-ldap sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes one mapping from the LDAP directory to the managed user repository, and demonstrates reconciliation from the external resource to the repository.

The sync-with-ldap-bidirectional sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes two mappings: one from the LDAP directory to the managed user repository, and one in the opposite direction. The sample demonstrates reconciliation from the LDAP directory to the repository and implicit synchronization from the managed user repository to the LDAP directory.

The sync-with-ldap-groups sample uses the generic LDAP connector to connect to an LDAP directory. The sample builds on the sync-with-ldap-bidirectional sample by providing an additional mapping, from the LDAP groups object, to the managed groups object. The sample illustrates a new managed object type (groups) and shows how this object type is synchronized with group containers in LDAP.

The sync-with-ldap-group-membership sample uses the generic LDAP connector to connect to an LDAP directory. The sample includes two mappings, one from the LDAP directory to the managed user repository, and one from the repository to the LDAP directory. The sample demonstrates synchronization of group membership; that is, how the value of the ldapGroups property in a managed user object is mapped to the corresponding user object in LDAP.

The sync-two-external-resources sample demonstrates synchronization between two external resources, routed through IDM. The resources are named LDAP and AD, and represent two separate LDAP directories. In the sample both resources are simulated with simple CSV files.

The sync-asynchronous sample shows how you can use workflows to launch an asynchronous reconciliation operation.

The livesync-with-ad sample shows the liveSync mechanism that pushes changes from an external resource to the IDM repository. The sample uses an LDAP connector to connect to an LDAP directory, either ForgeRock Directory Services (DS) or Active Directory.

The sync-with-google sample uses the Google Apps Connector to create users and groups on an external Google system, and to reconcile those accounts with the IDM managed user repository.

The sync-with-salesforce sample demonstrates how to create and update users in Salesforce, using the Salesforce Connector. The sample also shows synchronization of users between Salesforce and the IDM managed user repository.

The sync-with-kerberos sample demonstrates how to use the scripted Kerberos connector to manage Kerberos user principals and to reconcile user principals with IDM managed user objects.

The multiple-passwords sample demonstrates how to set up multiple passwords for managed users, and how to synchronize separate passwords to different external resources. The sample includes two target LDAP servers, each with different password policy and encryption requirements. The sample also shows how to extend the password history policy to apply to multiple password fields.

The multi-account-linking sample illustrates how IDM addresses links from multiple accounts to one identity. The sample shows how you can create links between a single source account and multiple target accounts, using link qualifiers that enable one-to-many relationships in mappings and policies.

The historical-account-linking sample demonstrates the retention of inactive (historical) LDAP accounts that have been linked to a corresponding managed user account.

The scripted-rest-with-dj sample uses the Groovy Connector Toolkit to implement a ScriptedREST connector that interacts with the DS REST API.

The scripted-sql-with-mysql sample uses the Groovy Connector Toolkit to implement a ScriptedSQL connector that interacts with an external MySQL database.

The sync-with-azuread sample uses the MS Graph API connector to synchronize users between IDM and Azure AD.

The scripted-powershell-with-ad sample uses the MS Active Directory PowerShell module to demonstrate how you can synchronize managed objects with a Microsoft Active Directory deployment. The sample provides a number of PowerShell scripts that let you perform basic CRUD (create, read, update, delete) operations on an Active Directory server.

The provisioning-with-roles sample builds on the sample described in One-way synchronization from LDAP to IDM, and demonstrates how attributes are provisioned to an external system (an LDAP directory), based on role membership.

The provisioning-with-workflow sample demonstrates a typical use case of a workflow — provisioning new users. The sample demonstrates the use of the End User UI to let users complete a registration process.

The audit-jdbc sample uses a ScriptedSQL implementation of the Groovy Connector Toolkit to direct audit information to a MySQL database.

The audit-jms sample demonstrates how the JMS audit event handler can publish messages that comply with the Java™ Message Service Specification Final Release 1.1.

The sync-with-mongodb sample uses the Groovy Connector Toolkit to implement a scripted connector that interacts with a MongoDB Database. The connector can be used for provisioning MongoDB database users and roles from an IDM managed repository.

The sync-with-hubspot sample demonstrates bidirectional synchronization between IDM managed users and HubSpot contacts.

The sync-with-docusign sample demonstrates bidirectional synchronization between IDM managed users and DocuSign user accounts.

The sync-with-scim sample demonstrates bidirectional synchronization between IDM managed users and roles with corresponding users and roles from a SCIM provider.

The scripted-jms-subscriber sample demonstrates the scripted JMS message handler, and how it performs ForgeRock REST operations.

The trusted-servlet-filter sample shows how to use a custom servlet filter and the Trusted Request Attribute authentication module to let IDM authenticate through another service.

IDM supports scriptable custom endpoints that let you launch arbitrary scripts through an IDM REST URI. The example-configurations/custom-endpoint sample shows how custom endpoints are configured and returns a list of variables available to each method used in a custom endpoint script.