Identity & Access Management
Open-Source Platform
Automate identity governance and secure access to all your applications in compliance with your company and industry standards, while providing the user experience users deserve.
Skip to content 
Comprehensive
All the tools you need for building reliable Identity and Access Management systems.
Versatile
Start small, adapt as needed, whether a basic tool or comprehensive IAM system.
Open
Completely open-source. Without vendor lock-in. No licensing fees.
Secure
Regular upgrades, security analysis, transparent vulnerability management - published as CVEs.
Identity Management
Regain control over people's access. Use Wren:IDM to streamline your identity governance and gain full control over where and why users have access. Increase productivity with efficient access provisioning. Reduce operational labour through automation and user self-service. And ensure that everyone has all the access they need, but no other.
Identity Lifecycle Management
Automatically retrieve users from the source system and provision accounts to the target systems according to clearly defined rules.
Workflows
Define your workflow and approval processes, and empower managers to make decisions in access provisioning while leaving the rest to automation.
Extensions
Utilize a variety of extension points to customize the logic or the CRESTful interfaces and make sure that the identity management smoothly integrates into your existing environment.
Auditing
Dig into the built-in audit tracks or integrate them with log collection and SIEM tools to get complete insight into the identity management activities.
User Self-Service
Built-in self-service allows users to manage their identities. The changes are immediately reflected where necessary.
Connector Framework
With connectors provided by Wren:ICF framework you can manage every piece of software within your organization.
Access Management
A secure portal for your digital services. Use Wren:AM to establish consistent access policies and advanced observability across all your applications, cloud services and IT infrastructure with minimal effort. Avoid multiple logins with Single Sign-On to deliver a superior login experience for your users.
Single Sign-on
Centralize authentication and uniformly protect all your applications according to the highest security standards, while also improving the login experience.
Multi-Factor Authentication
Add OTP, SMS, Email, or 3rd party MFA tools to your authentication flow for additional protection against compromised passwords.
Adaptive authentication
Do not compromise between security and login experience. Adjust the authentication requirements based on the evaluated risk.
Identity Provider
Take control of access to external or cloud services. Leverage an identity provider to supply service providers with authentication that complies with your policy and security rules.
Federations
Establish an identity federation or connect with an existing one to link the identities across multiple identity management systems.
Standard protocols
OAuth 2.0, OIDC, SAML,... Choose from a variety of authentication protocols to easily integrate your applications according to industry standards.
Social Login
Delegate authentication to 3rd-party services like Google, Facebook, GitHub, or any other compatible identity provider, to make the sign-in and onboarding even more convenient.
User Self-service
Place the user self-registration, account management, and password reset features where they belong, without the need to re-implement it in your apps.
Authorization
Consolidate the management of your access policies and implement fine-grained access control to multiple resources using a central policy decision point.
Directory Service
Efficiently store and organize your digital identities, even in the most complex IT environments. Wren:DS provides a secure and scalable directory service that complies with industry standards.
Uniform Access
Access the data using the established LDAP (Lightweight Directory Access Protocol) or leverage the REST API where necessary.
Efficiency
It can withstand even the highest loads on its own, but use replicated deployments to make your critical authentication services highly available.
Security
Fine-grained access control, coupled with a comprehensive audit, ensures that your most valuable data is always secure.
Identity Gateway
Place an identity gateway in front of your applications, microservices, and APIs to ensure consistent security measures, regardless of their technology or authentication capabilities. Including the most problematic legacy systems.
Protection
An additional layer of protection that provides authentication (and authorization) according to your security standards for any application.
Simplicity
Works as a proxy, providing trustworthy security information to your systems. Simplifying implementation in the applications itself.
Control
Changes in the security configurations can be made without altering the applications and central audit provides insight into potentially malicious activities.
Deployment
Take control of your identities, regardless of your infrastructure. Whether it's your own hardware, various cloud providers, or any kind of hybrid environment. Clustered deployments for availability and scalability is a matter of course. Official Docker images are convenient for container deployments and Kubernetes operations. However, you can build your own when customizations are needed, or when your DevSecOps standards require an additional layer of supply chain security measures.
DevOps Ready
Utilize configuration management tools and adopt a configuration-as-code approach. This is especially useful when an administration interface is impractical, or when you need to align configurations across multiple environments or swiftly create new ones.
Project Origin
Though our project originated with code that ForgeRock™ had previously released, we are not affiliated with ForgeRock™ in any way. Our projects are based on the very latest code from what was available under a CDDL license (OpenAM 13.5+, OpenDJ 3.5+, OpenIDM 4.5+, and OpenIG 4.0+). ForgeRock™ no longer releases any of the most recent versions of their software under an open-source license. ForgeRock™'s "Community Edition" are ancient versions of the projects. Join our community for the latest and greatest.