Skip to content

Identity & Access Management

Open-Source Platform

Automate identity governance and secure access to all your applications in compliance with your company and industry standards, while providing the user experience users deserve.

Wren Security logo


All the tools you need for building reliable Identity and Access Management systems.


Start small, adapt as needed, whether a basic tool or comprehensive IAM system.


Completely open-source. Without vendor lock-in. No licensing fees.


Regular upgrades, security analysis, transparent vulnerability management - published as CVEs.

Identity Management

Regain control over people's access. Use Wren:IDM to streamline your identity governance and gain full control over where and why users have access. Increase productivity with efficient access provisioning. Reduce operational labour through automation and user self-service. And ensure that everyone has all the access they need, but no other.

Identity Lifecycle Management

Automatically retrieve users from the source system and provision accounts to the target systems according to clearly defined rules.


Define your workflow and approval processes, and empower managers to make decisions in access provisioning while leaving the rest to automation.


Utilize a variety of extension points to customize the logic or the CRESTful interfaces and make sure that the identity management smoothly integrates into your existing environment.


Dig into the built-in audit tracks or integrate them with log collection and SIEM tools to get complete insight into the identity management activities.

User Self-Service

Built-in self-service allows users to manage their identities. The changes are immediately reflected where necessary.

Connector Framework

With connectors provided by Wren:ICF framework you can manage every piece of software within your organization.

Access Management

A secure portal for your digital services. Use Wren:AM to establish consistent access policies and advanced observability across all your applications, cloud services and IT infrastructure with minimal effort. Avoid multiple logins with Single Sign-On to deliver a superior login experience for your users.

Single Sign-on

Centralize authentication and uniformly protect all your applications according to the highest security standards, while also improving the login experience.

Multi-Factor Authentication

Add OTP, SMS, Email, or 3rd party MFA tools to your authentication flow for additional protection against compromised passwords.

Adaptive authentication

Do not compromise between security and login experience. Adjust the authentication requirements based on the evaluated risk.

Identity Provider

Take control of access to external or cloud services. Leverage an identity provider to supply service providers with authentication that complies with your policy and security rules.


Establish an identity federation or connect with an existing one to link the identities across multiple identity management systems.

Standard protocols

OAuth 2.0, OIDC, SAML,... Choose from a variety of authentication protocols to easily integrate your applications according to industry standards.

Social Login

Delegate authentication to 3rd-party services like Google, Facebook, GitHub, or any other compatible identity provider, to make the sign-in and onboarding even more convenient.

User Self-service

Place the user self-registration, account management, and password reset features where they belong, without the need to re-implement it in your apps.


Consolidate the management of your access policies and implement fine-grained access control to multiple resources using a central policy decision point.

Directory Service

Efficiently store and organize your digital identities, even in the most complex IT environments. Wren:DS provides a secure and scalable directory service that complies with industry standards.

Uniform Access

Access the data using the established LDAP (Lightweight Directory Access Protocol) or leverage the REST API where necessary.


It can withstand even the highest loads on its own, but use replicated deployments to make your critical authentication services highly available.


Fine-grained access control, coupled with a comprehensive audit, ensures that your most valuable data is always secure.

Identity Gateway

Place an identity gateway in front of your applications, microservices, and APIs to ensure consistent security measures, regardless of their technology or authentication capabilities. Including the most problematic legacy systems.


An additional layer of protection that provides authentication (and authorization) according to your security standards for any application.


Works as a proxy, providing trustworthy security information to your systems. Simplifying implementation in the applications itself.


Changes in the security configurations can be made without altering the applications and central audit provides insight into potentially malicious activities.


Take control of your identities, regardless of your infrastructure. Whether it's your own hardware, various cloud providers, or any kind of hybrid environment. Clustered deployments for availability and scalability is a matter of course. Official Docker images are convenient for container deployments and Kubernetes operations. However, you can build your own when customizations are needed, or when your DevSecOps standards require an additional layer of supply chain security measures.

DevOps Ready

Utilize configuration management tools and adopt a configuration-as-code approach. This is especially useful when an administration interface is impractical, or when you need to align configurations across multiple environments or swiftly create new ones.

Project Origin

Though our project originated with code that ForgeRock™ had previously released, we are not affiliated with ForgeRock™ in any way. Our projects are based on the very latest code from what was available under a CDDL license (OpenAM 13.5+, OpenDJ 3.5+, OpenIDM 4.5+, and OpenIG 4.0+). ForgeRock™ no longer releases any of the most recent versions of their software under an open-source license. ForgeRock™'s "Community Edition" are ancient versions of the projects. Join our community for the latest and greatest.