...
A common question amongst TIER Participants the InCommon Community has been the relationship between COmanage and midPoint. There is no one exact answer to this question, as with many integration problems the best answer for a given deployment will depend on the circumstances of that deployment. For example, a deployment with complicated enrollment and lifecycle policies may benefit more from COmanage, while a deployment with sophisticated provisioning requirements may benefit more from midPoint. (And of course these are not mutually incompatible requirements.) However, there are a few basic patterns that can be used as a reference point in understanding the possibilities.
...
This document omits Grouper, ID Match, and other components for simplicity. There are numerous variations on these approaches utilizing some or all of these other components.
Integration Approaches
I. COmanage Only
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
...
This approach is most suitable for smaller organizations, including virtual organizations, that do not require the complexity of additional components.
II. COmanage Primary, midPoint Downstream
Anchor | ||||
---|---|---|---|---|
|
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
In this approach, SOR data is linked together by COmanage, which is responsible for managing the canonical person record. This record is then synchronized to midPoint, which is responsible for provisioning the appropriate data to downstream systems.
This approach is most suitable for organizations with complex requirements for matching and merging records from multiple upstream sources.
III. midPoint Primary, COmanage Upstream
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
In this approach, SOR data is linked together by midPoint, which is responsible for managing the canonical person record, as well as provisioning the appropriate data to downstream systems. COmanage operates as another SOR, providing guest management or similar capabilities.
This approach is most suitable for organizations with a single physical System of Record and relatively simple requirements for guest management.
IV. midPoint Primary, COmanage Downstream
Gliffy Diagram | ||||
---|---|---|---|---|
|
In this approach, SOR data is linked together by midPoint, which is responsible for managing the canonical person record, as well as provisioning the appropriate data to downstream systems. COmanage operates as a downstream system, presumably using campus identity as a source in a separate VO identity management system.
This approach is most suitable for organizations with a single physical System of Record and a desire to "pre-provision" COmanage for campus-sponsored Virtual Organizations.
V. midPoint Only
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
In this approach, midPoint is responsible for all aspects of identity management, including receiving records from SORs and provisioning to downstream systems. COmanage is not deployed.
This approach is most suitable for organizations with a single physical System of Record.