Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • MidPoint saves money. Identity provisioning systems had a reputation of being extremely expensive to deploy and maintain. But midPoint has changed that completely. MidPoint is design to be cost-efficient. The open-source character means that the licensing cost is zero. The support cost is reduced by a network of excellent technology partners. But the most significant saving is in the deployment cost. MidPoint is built on more than a decade on IDM experience. It is built by people who deployed IDM solutions. We know very well what an IDM engineers needs "in the field". Therefore we have implemented that directly in midPoint code. It can be expected that 80% of the things that your IDM solution needs can be implemented in midPoint by simply flipping a configuration switch. MidPoint can make a huge effect with a very little implementation effort.
  • MidPoint goes beyond user management. MidPoint is real identity management. Of course it can manage users and accounts. But it can also manage groups, organizational units, services, devices or any other concept that can be technically reached by the connector. MidPoint can bind all these concepts to the identities therefore it can easily manage user membership in organizational units or groups. It can also manage organizational subscription to services or device ownership. And all of that is done by simply reusing the principles of identity management and applying them to much broader category of objects.
  • MidPoint is an identity governance system. MidPoint does not just deal with provisioning and synchronization of identity data. MidPoint applies policies to those data. MidPoint can enforce segregation of duties policy. It can support object lifecycle policies. MidPoint can govern organizational structure. Those are business aspects of identity management. And midPoint is one of the very rare breed of system that implements both identity management and identity governance in a single integrated product.
  • MidPoint is open source. Yes, this means that the licensing cost is zero. But there is much more in this. It also means that midPoint code can be modified. Other vendors will void your support agreement if you modify product code. But we in fact encourage partners to modify midPoint code. This is the best way to make really extreme customizations. But it is also a way how to bring new ideas into midPoint. How to allow partners to participate on product development. How to maintain a very creative community. This allows midPoint to be great and to remain great.


The system can adapt to several data store mechanisms. The only supported mechanism is relational database (supporting all major databases), however there was an experimental implementation of repository using a BaseX XML noSQL database as a proof of concept. Therefore we are confident that other storage schemes (such as LDAP) could be implemented in the future as long as the underlying data store is powerful enough to support midPoint data model.

The system is using an Identity Connector Framework (ICF) ConnId framework as a mechanism to interact with other systems (resources). ICF ConnId is also used by other identity management systems and a community builds up around the current ICF code. Therefore ICF a good match for an initial connector framework used by midPoint. In the long run we plan to either radically extend the ICF or create an alternative framework that will improve the most severe problems of ICF and provide features required for practical IDM solution. However, the compatibility with ICF (and potentially with other legacy connector framework) will be maintained to protect investments in the legacy connectorswe are working closely with other vendors to maintain and develop ConnId framework.

The unique feature of midPoint is the method of dealing with data changes and consistency. Most identity management systems work with absolute state, e.g. the complete copy of new user or account data. Such approach is very problematic in case of concurrent changes that are much more common in the IDM field as one would expect. The midPoint solution is to use model based on relative changes instead of on absolute changes. Several concurrent changes can be executed in parallel without the need to lock the entire data record. This approach significantly improves usability of the system and also supports better data consistency.