Hi, dear developers and friends, today, August 8, 2023, is the beginning of autumn in the 24 solar terms. Autumn is the season when grains are ripe and harvested . After a long period of optimization and iteration, the TOPIAM enterprise identity management and control platform has also ushered in the current growth and harvest. It officially released version 1.0.0 today. You are welcome to download and try it, experience exchange, and community building.
Official website
Project Description
TopIAM enterprise digital identity management and control platform, referred to as: EIAM (Employee Identity and Access Management), is used to manage employee accounts, permissions, identity authentication, and application access in the enterprise, and helps integrate internal office systems, business systems, and tripartite deployments locally or in the cloud. All identities of the SaaS system realize the service of opening up all applications with one account.
system structure
core features
- Provide unified organizational information management, establish multi-dimensional correspondence, and realize efficient and unified management of enterprise personnel, organizational structure, and application information on one platform.
- Supports the integration capabilities of identity sources such as DingTalk, Feishu, and WeChat Enterprise, and realizes the data linkage between the system and the enterprise OA platform. It takes users as the management basis, and combines personnel events such as entry, resignation, job transfer, and part-time jobs, and correlates changes in relevant application permissions. Changes to ensure security control of application access rights.
- Support the integration of social authentication such as WeChat, Weibo, QQ, etc., so that enterprises have the ability to quickly incorporate Internet-based authentication.
- Support SAML2, OAuth2, OIDC, CAS, form filling and other authentication protocols and mechanisms, realize single sign-on function, pre-configure a large number of SaaS applications and traditional application templates, and use them out of the box.
- Perfect security audit, record every user behavior in detail, make every step of operation evidence-based, record enterprise information security status in real time, and accurately identify the source of abnormal enterprise access and potential threats.
- Provide standard REST and SCIM2.0 interfaces to easily complete institutional user synchronization, and realize the refined management of the account life cycle by the enterprise.
- Open source, safe, autonomous and controllable.
function list
| module | function item | Functional description |
| account management | Organizations and Users |
Support organization and user maintenance.
|
| User Group Management | Support user group maintenance. | |
| Identity Source Management | Supports synchronizing user and organization information to the system through DingTalk, Feishu, etc. | |
| Certification Management | authentication provider | Multiple authentication sources can be configured, and users can log in to the portal in different ways. |
| application management | OIDC protocol application | Supports application SSO through the OIDC protocol. |
| Form filling application | Support form filling method for application SSO. | |
| JWT protocol application | Support JWT protocol for application SSO. | |
| behavioral audit | user behavior | Record the relevant operation behavior records of enterprise users. |
| administrator behavior | Record administrator related operation records. | |
| Security Settings | general security | Support general security configuration and security defense strategy. |
| password policy | Supports configuration of user password global rules and policies. | |
| System administrator | Responsible for maintaining system user configuration, etc. | |
| system settings | message settings | Supports configuration and maintenance of email templates, email services, and SMS services. |
| IP Geobase | Support configuration of IP geographic database to achieve precise IP positioning. | |
| storage configuration | Supports configuration of cloud storage services, such as Alibaba Cloud, Tencent Cloud, MinIO, etc. | |
| System monitoring | session management | Supports viewing system login sessions, and supports offline sessions. |
Technology Architecture
- Spring Boot 3
- A powerful and highly customizable authentication and access control framework for Spring Security 6
- MySQL business function data management
- ElasticSearch full-text retrieval, log, time series data storage
- Redis distributed session, cache
- React 18 library for building web and native interfaces
- Ant Design 5 Ant Group Open Source UI Component Library
Subsequent planning
- CAS protocol support
- SAML2 protocol support
- SCIM 2.0 protocol support
- Unified application permission management and control
- Multilingual SDK
- More........
License
