MidPoint – An Open-Source Identity Governance Platform

MidPoint is one of the leading open-source IAM platforms. It combines classic identity management (provisioning, synchronization, lifecycle handling) with the governance functions expected of a modern IGA product. The platform covers the identity lifecycle end to end and addresses the growing information-security and data-privacy requirements that organizations have to meet. It supports several deployment and integration models, from on-premises to hybrid to cloud IT landscapes.

MidPoint Open Source IGA // Ventum Report 2022

The MidPoint source code is available under two open-source licenses: the Apache License 2.0, one of the most permissive licenses in common use, and the European Union Public License (EUPL), reflecting that Evolveum is an EU-based company. Under these licenses any organization worldwide can use MidPoint free of charge, while Evolveum retains the copyright and stewardship of the project. The complete source code is published on Evolveum’s official GitHub account.

MidPoint by Evolveum

Pro 1: MidPoint supports complex IT landscapes

MidPoint supports on-premises, hybrid and cloud deployments of up to millions of identities. With an on-premises installation you keep full control over identity data in your own data center. The hybrid scenario combines that control with private or public cloud resources. A cloud deployment offers elastic scalability and saves hardware and operations effort, because the provider runs the underlying infrastructure.

MidPoint also ships a large number of connectors, built on the ConnId connector framework, for commonly used enterprise applications. Among others, Active Directory and Azure AD, LDAP, relational databases, SCIM, REST, SOAP and CSV interfaces are supported out of the box. Beyond these native connectors, connectors can be obtained from third-party developers or written in-house, since both the connector framework and the system itself are open source.

Pro 2: No vendor lock-in

MidPoint is a Java-based application built on top of an open-source stack. PostgreSQL is the recommended database for the central identity repository; other databases such as MS SQL or Oracle have also been possible, but Evolveum has deprecated that generic repository layer in favour of its native PostgreSQL repository, so check the release notes of your target version before planning on a different database. The source code is open for customer-specific adjustments and extensions, and such changes do not affect the optional support contracts that can be concluded with Evolveum.

Pro 3: Highly customizable solution with extensive REST API

An extensive REST API makes it straightforward to integrate MidPoint with ITSM tools and workflow engines. The API covers all MidPoint object types: identities (users), accounts on connected systems (shadows), the managed source and target systems (resources), roles and the assignments that link them, so the entire system can be operated and managed through it. The REST interface is a layer over the same model API that the GUI and the other internal components use, which is reflected in the system architecture. Requests and responses can be expressed in JSON, XML or YAML. REST calls are subject to the same authorization model as the GUI, so an integration account should be given a dedicated role that grants only the operations it actually performs rather than the superuser role.
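The following is an added example of driving MidPoint through its REST API from a small integration script; it is not code from the Ventum report or from Evolveum. It uses endpoints from MidPoint’s documented REST interface (POST /ws/rest/users to create a user, POST /ws/rest/users/search to look one up, PATCH /ws/rest/users/{oid} to apply an object delta). The base URL, the service account read from environment variables and ROLE_OID are placeholders that must be adapted to your instance.

```python
"""
Create a user in midPoint and grant it a role by applying an object delta
over the REST API. Added example for this page, not Evolveum's code.
"""
import base64
import json
import os
import urllib.request

# Placeholder OID. In a stock midPoint install this is the built-in "End user"
# role, but verify it in your own instance before relying on it.
ROLE_OID = "00000000-0000-0000-0000-000000000008"


def user_payload(name, given, family, email):
    """Body for POST /ws/rest/users. The top-level key names the object type."""
    return {"user": {"name": name, "givenName": given,
                     "familyName": family, "emailAddress": email}}


def name_query(name):
    """Body for POST /ws/rest/users/search: exact match on the 'name' property."""
    return {"query": {"filter": {"equal": {"path": "name", "value": name}}}}


def assignment_delta(role_oid):
    """Body for PATCH /ws/rest/users/{oid}: add one role assignment.
    Assignments are midPoint's unit of entitlement; provisioning to the
    connected resources follows from them, so this delta is 'grant access'."""
    return {"objectModification": {"itemDelta": [{
        "modificationType": "add",
        "path": "assignment",
        "value": [{"targetRef": {"oid": role_oid, "type": "RoleType"}}],
    }]}}


def oid_from_location(location):
    """A successful create answers 201 with a Location header ending in the OID."""
    return location.rstrip("/").rsplit("/", 1)[-1]


class MidPointClient:
    def __init__(self, base_url, username, password):
        # HTTP Basic carries the password on every call: refuse plaintext transport.
        if not base_url.startswith("https://"):
            raise ValueError("midPoint REST credentials must only travel over HTTPS")
        self.base_url = base_url.rstrip("/")
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}",
                        "Content-Type": "application/json",
                        "Accept": "application/json"}

    def url(self, path):
        return f"{self.base_url}/ws/rest/{path.lstrip('/')}"

    def call(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.url(path), data=data,
                                     method=method, headers=self.headers)
        # urlopen verifies the server certificate by default; do not disable it.
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
            return resp.status, resp.headers, (json.loads(raw) if raw else None)

    def create_user(self, name, given, family, email):
        status, headers, _ = self.call("POST", "users",
                                       user_payload(name, given, family, email))
        if status != 201:
            raise RuntimeError(f"create failed with HTTP {status}")
        return oid_from_location(headers.get("Location"))

    def find_user(self, name):
        _, _, body = self.call("POST", "users/search", name_query(name))
        return body

    def assign_role(self, user_oid, role_oid=ROLE_OID):
        status, _, _ = self.call("PATCH", f"users/{user_oid}",
                                 assignment_delta(role_oid))
        return status


if __name__ == "__main__":
    # The integration account is read from the environment, never hard-coded.
    # Give it a midPoint role limited to creating/modifying users, not superuser.
    client = MidPointClient(os.environ.get("MIDPOINT_URL",
                                           "https://midpoint.example.org/midpoint"),
                            os.environ["MIDPOINT_USER"], os.environ["MIDPOINT_PASSWORD"])
    oid = client.create_user("jdoe", "Jane", "Doe", "jane.doe@example.org")
    print("created user", oid, "-> PATCH status", client.assign_role(oid))
```

The script deliberately refuses a plain-HTTP base URL and leaves certificate verification enabled, because HTTP Basic authentication sends the service-account password with every request. The same calls can be issued with any ITSM or workflow tool that can send JSON over HTTPS, which is how an external engine such as Camunda would hand an approved request back to MidPoint.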

Pro 4: Active Community and Support

Like many open-source projects, MidPoint enjoys a large and active community of platform and source-code experts. There are forums, mailing lists and a public Jira instance where questions can be asked and bugs reported.

In addition, developers in the community write connectors and custom components which, depending on requirements, can be integrated into your own MidPoint instance.

The implementation of the software in your company is carried out by Evolveum partners such as Ventum. Here the partner’s expertise can be combined with the free community channels described above. For further support it is recommended to purchase a product support package for MidPoint. Under such a package, bugs reported by the customer are prioritized by Evolveum, and installation-specific problems are addressed as well.

Active MidPoint product support

If more is required, there is the option of a platform subscription. It also covers the development of new features and further improvements to MidPoint at the customer’s request. These features flow into the standard MidPoint release, so a subscriber also gains a say in the direction of the product’s development.

Active platform subscription

Cons: Missing workflows

The current version of MidPoint does not include a general-purpose workflow engine or a way to design arbitrary workflows inside the product. This was a conscious decision by the developers: the formerly embedded BPM engine was removed so that the system could focus on identity management and provisioning. What remains built in are approval processes, which are configured declaratively through policy rules rather than modelled as workflows.

However, external workflow engines can be connected to the system, so workflows do not have to be given up entirely and a familiar engine can be reused. Evolveum recommends Camunda BPM for this.

Summary

In short, MidPoint is a comprehensive and mature open-source solution for identity management. Thanks to its open-source licensing and standard software components, the platform can be put into operation quickly. The active community and the support offerings from the manufacturer Evolveum allow rapid development and smooth operation of the software. Missing features can be compensated for by third-party software, which can be connected to MidPoint both through its API endpoints and through specific interfaces (see the section on workflows above).