10 Open-source Identity and Access Management IAM Systems for the Enterprise

Identity and Access Management (IAM), is a collective term that covers: User identity, rules and authentication management software and access management policies and protocols.

IAM is a necessary requirement in today's enterprise business, especially when it's proven to provide answers to many security issues and ease multiple systems' integration.

Basically, IAM is responsible for identities, authentication and authorization.

Let's breakdown IAM components:

  1. A data-store to save identities and access privilege.
  2. IAM software that manages the identities, control and monitors access privileges 2
  3. Managing and auditing authentication and authorization

The IAM framework ensures the right person is accessing the right resources with the right privileges to performing the right task at the right time. The resources could be a server, a web application, hardware, mobile app, or any other IT resources.

Benefits of using IAM system for the enterprise:

  1. Single access to all enterprise resources (SSO)
  2. Enhanced centralized privilege management: The right person in the right area.
  3. Enhanced centralized security
  4. A single data source for HR (Human Resources)
  5. Centralizing auditing and logging
  6. Easy to manage privileges for enterprise employees
  7. Easy to integrate with other enterprise software and mobile applications
  8. Avoid accounts overlapping for enterprise systems
  9. Audit, track, monitor and report users activities
  10. Better compliance
Photo by Proxyclick Visitor Management System / Unsplash

Why use open-source?

  1. Source code access
  2. Community supported
  3. Faster implementation
  4. Extensible and ready to scale
  5. Better IT team involvement for enterprise
  6. Avoid vendor lock-in

The reason behind writing this post is to provide open-source alternatives for commercial IAM solutions. But the main trigger was that as we are providing consultation for some enterprise clients about some open-source IAM, we decided to share some of our findings to empower and enrich the open-source community.

Open-source Identity and Access Management System for the Enterprise

  1. Open Identity Platform
    Open Identity Platform is a complete ecosystem of IAM solutions for the enterprise.

    The project is composed of several sub-projects:
  2. OpenAM: Open Access Management
  3. OpenDJ: An LDAPv3 compliant directory based on Java technologies
  4. OpenIG: Open Identity Gateway. A proxy server designed for session management
  5. OpenIDM: It's a Libre open identity and access management solution.
  6. OpenICF; Open Identity Connector Framework: It's a connector framework solution that acts as a bridge between identity management and auditing/ security management.

    All projects under the Open Identity Platform are released under an open-source license on GitHub.
  7. Keycloak
    Keycloak is an Identity and Access Management (IDM) Red Hat-sponsored solution. It's a feature-rich project which makes it enterprise-ready.

    Keycloak supports SSO "Single-Sign-On", several protocols like OpenID Connect, OAuth 2.0, SAML 2.0, Social media login and supports LDAP and Active directory.  It also supports custom password policies.

    It's designed to be extensible to add new custom functionalities with the help of an experienced developer. Keycloak is packed with well-written documentation and a community that grows a day after day.

    Keycloak is the best solution to manage identities, user privileges and policies for several web and mobile applications at the same time because it was designed to scale.
  8. Apache Syncope
    Apache Syncope is a cross-platform solution for managing digital identities for the enterprise. It's built on top of Java and as part of the Apache foundation, it's released under Apache 2.0 license.

    Apache Syncope offers a complete control over identity management process which includes provisioning, auditing,  reporting, administration, policy management, password management and password policy management. It comes with a rich REST API.


  9. FusionAuth
    FusionAuth is a complete multi-platform IAM solution that provides authentication, authorization and user management packed with several auditing, reporting and provisioning tools.

    It's an open-source project and available to download, install and use for free. It has a supportive community with steady growth in numbers of developers and enterprise users.

    It can be installed on Linux, macOS, Windows, or by using docker.

    FusionAuth offers commercial support plans with its enterprise edition which includes more enterprise features. FusionAuth company also provides cloud hosting plans under FusionAuth Cloud that start from $75/ month.

    Note that FusionAuth is still getting new features day by day like threat detection.

  10. Aerobase IAM Server
    Aerobase is an IAM solution that is basically forked from Keycloak and some other open-source projects but added more features to the game.

    It forged as a new IAM framework to support micro-services and extend access control functionalities, privacy regulation.

    Aerobase server features list includes Single-Sign-On (SSO), Social Login, two-factor authentication, LDAP and Active directory support, customizable user interface, identity/ access management and identity brokering.

    It supports OpenID Connect, OAuth2.0 and SAML 2.
  11. midPoint Evolveum
    midPoint Evolveum is a complete open-source ecosystem for identity and access management. It's by far the most GDPR-ready solution on this list.

    Alongside its features that resemble most of the solutions on this list, it focuses on how the data is processed, auditing, and provide data rectification and erasure options out-of-the-box.
  12. OpenIAM
    OpenIAM is an open-source enterprise IAM solution. It has a community edition and enterprise edition that comes with professional commercial support.

    OpenIAM features powerful web access control for identities management, applications, SSO (Single Sign-On), Desktop SSO, API integration controls. two-factors/ multi-factor authentication and role-based access control management.

    It offers extra features like SSH key management, session management, password vault and privileged account security.

    It has custom extensions for healthcare, finance, education and insurance.

    OpenIAM allows seamless integration with Microsoft Office 365, G Suite, ServiceNow and Salesforce.

    Though it's a free project, it's not pen-source and it requires a registration to download the community edition.
  13. Gluu
    Gluu is offering self-hosted IAM solutions that are built to scale. Their products are Gluu Server an IAM solution, Gluu Gateway (authentication and authorization solution for APIs and websites.), Gluu Casa, Super Gluu (An IAM system built for mobile apps) and oxd (client app to secure apps with OAuth and OpenID Connect).

    Gluu is custom to be used for dozens of a web and mobile applications because of its ability to scale and cluster.

    oxTrust is a web application from Gluu for managing authentication, authorization and users.

    Super Gluu 2FA is a mobile authentication system for mobile users with the Gluu server in the backend. It's available for Android and iOS devices.

  14. ORY
    ORY is a company with a specific focus on building open-source identity and authentication management systems. Their products are:
    a. Explore ORY/ Kratos: User and identity management solution
    b. Hydra: OAuth 2.0 and OpenID Certified® OpenID Connect server. Secure access to your applications and APIs.
    c. Oathkeeper:Identity and Access Proxy (IAP).
    d. Keto: Access control and permission management server.

    ORY products are released as open-source solutions. They are easy to integrate and support many languages. It's written in Go language which ensures the best performance and easy integration with web and mobile apps.

    With ORY there is pricing on the services or support plans. Ory offers an enterprise license which comes with support.
  15. FusionIAM
    FusionIAM is our last pick here. It's a standard-compliant IAM system. It's also an open-source software that released under BSD license.

    FusionIAM features several child projects with a primary focus on LDAP and Active Directory.

    On deployment, FusionIAM features LDAP directory management, a web-based management interface, web services manager, authentication portal, access control management and synchronization connectors manager.


Conclusion

Here ends our list. We missed some IAM solutions in here because they don't fit our criteria. However, almost all of these free enterprise IAM solutions come with paid services like support, installation, implementation, cloud hosting and custom development.

If you are a decision-maker in an enterprise, we recommend to go slowly through each one that fit your requirement , install, try them few of them out and make some experiments with your team, and compare features and prices for each solution to find the best one for your enterprise.


Photo by fauxels from Pexels



  • React Help Desk is an open source live chat application that comes with an administrative control panel that lets you manage multiple chats. The control panel written with React, Node.js, and web sockets. React Help Desk offers a real-time support system with a simple interface which allows you to...Read more...

  • Open Source Software, since its birth, has made people wonder about its effects. The debate is never-ending, and for the right reasons. Giants like Apple have often viewed Open Source skeptically because they are mostly unfounded. However, one cannot deny that these sources are functional and flexible. They are also...Read more...

  • A headless software is a program that can work and performs without a user interface. A headless Linux and a headless Google Chrome can perform seamlessly and smoothly without the need to run its GUI. Likewise, a headless web system is a functional web app but without a user interface....Read more...

  • OtoboOtobo is a free self-hosted ticketing system with convincing functionality AND optics. It is the most web based flexible system come to enhance The efficiency and transparency of your business communication. Otobo supports different communication channels which include phone, customer portal, self-managed tickets, email, and text messages. Furthermore, it is...Read more...

  • ERP5 is one of the most and complete web-based ERP platform for small modern companies, designed to be flexible to fit different business areas and to be used through the web. It aims to match the requirement of globalization and increase distributed nature. You can use ERP5 as an accounting...Read more...