|Table of Contents|
|This page is work in progress. Some information presented on this page may not be correct or fully applicable yet.|
|License||Proprietary||Apache License 2.0|
|Provisioning / synchronization Tool||Yes||Yes|
|Provisioning Components||Java Connectors (ICF), Java Adapters||Java Connectors (ICF), Java Adapters (planned)|
|Invasive / Non-invasive||Non-invasive||Non-invasive|
|Data Interface||Web services||Web services|
|Data Representation||XML||Prism objects, XML, JSON (implementation in progress), (more formats planned)|
|Data Change Model||Absolute||Relative|
|Forms||Generated ("MissingFields"), Customizable||Generated (based on schema) (Customizable forms implementation in progress)|
|Roles||Static, Dynamic (rules), Hierarchical||Static, Dynamic (expressions), Hierarchical|
|Workflows / Approvals||Yes||Yes|
|Notifications||E-mail, File redirection||E-mail, SMS, File redirection (extensible for more transports)|
|Communication||Discussion forum (public and restricted to partners)||Mailing lists (public)|
|Documentation||Online (PDF)||Online (Wiki)|
|Upgradable from Sun IDM||N/A||Yes (with limitations and concept issues)|
This section contains tips for Sun IDM engineers that helps then to use midPoint efficiently. It describes especially the "hacks" that were often used in Sun IDM and the correct equivalent used in midPoint deployments.
MidPoint does not have a special identity template. Account identifier is considered to be very like an ordinary account attribute. Use outbound mapping to set the value of account identifier instead of identity template.
Sun IDM deployments often used "login roles" or "default roles" to set resource-global policies. Such roles had only one resource and used the ability of Sun IDM role to set account attributes. Other roles then haven't included the resource directly but included the "login role" instead.
Do not use this approach in midPoint. MidPoint has an elegant mechanism of outbound mappings that can be used to set resource-global attribute values. The ability of a login role to "hold" the account in a disabled state can be done in a much easier way by using activation existence mapping.