Welcome to an insightful exploration of Evolveum, hosted by
Website Planet, a trailblazer in open-source identity governance and administration through its robust platform, midPoint.
Co-founded by Igor Farinic in 2011, Evolveum stands out not only for its pioneering software solutions but also for its commitment to community-driven development. Recognized by leading analysts like Gartner and KuppingerCole, midPoint excels alongside commercial counterparts, thriving across diverse industries thanks to its adaptability and extensive support system.
Dive into our discussion with Website Planet to learn how Evolveum’s transparent, collaborative approach is reshaping identity management.
Please present Evolveum to our audience. What services do you offer?
I co-founded Evolveum in 2011, and ever since then, we have been dedicated to creating, developing, and maintaining the open-source identity governance and administration (IGA) platform called midPoint. We have been focusing on bringing the best talent to the company from the start, and thanks to that, midPoint is now capable of competing with the best commercially known IGA products in the industry. It has even been recognized by Gartner and KuppingerCole Analysts as the only open-source complete IGA suite.
We are a professional open-source company that follows the main principles of the open-source community. This means we provide full transparency into midPoint’s code, our support platform, and technical documentation. MidPoint’s users, Evolveum’s partners, and other enthusiasts all participate in building a strong community.
Of course, midPoint’s success would not have been possible without our customers. We offer paid services with the biggest focus on Support Subscriptions to cover product bug fixing and the development of missing features. Occasionally, we also provide Consulting Services to assist with midPoint projects and customer-specific configurations. Lastly, there is Training and Certification to help our community fast-track their knowledge.
What types of organizations and sectors have successfully implemented midPoint, according to your case studies or references?
When we look at the types of organizations and sectors that have successfully implemented midPoint, they are quite diverse. Thanks to its flexibility and compatibility with various systems, which is largely due to our growing list of compatible connectors, midPoint has found its way into deployments across the globe.
We have seen it thrive in various industries, particularly in sectors like higher education, where it has gained wide recognition within organizations such as Internet2 and the InCommon Community. Additionally, we have seen successful implementations in government, telco, healthcare, and financial services institutions.
More public references and case studies are published on our website for further insights.
Could you explain the importance and role of the community in the development and support of midPoint?
Our community of subscribers, partners, and other enthusiasts play a vital role in midPoint’s success in being the leading open-source identity governance and administration platform. They contribute to developing connectors, translate midPoint into different languages, and actively engage in our forums.
Members of the midPoint community are encouraged to contribute to midPoint’s improvement, although all contributions undergo a thorough evaluation by Evolveum. Strict criteria, including quality, future maintainability, and licensing are applied before accepting any contributions to midPoint’s core.
In addition, the community gets involved in many other ways. They are an integral part when it comes to testing and reporting product bugs to Evolveum, which is especially helpful before a planned midPoint release. They also actively participate in configuring new samples, ensuring that midPoint remains flexible to different user needs.
This collaborative effort between Evolveum and its community ensures that midPoint continues to thrive as the leading open-source identity governance and administration platform.
What training and support options does Evolveum offer for new and existing midPoint users?
Our Support Subscriptions are a crucial consideration to tailor the platform to organizations’ unique needs and unlock its full potential. These subscriptions are available through any of our official partners, ensuring seamless service delivery without compromise. When it comes to Support Subscriptions, we offer three distinct options – Product Support, a Platform Subscription, and an Academic Subscription – each designed to cater to different user requirements.
For those seeking active Product Support, our aim is to provide comprehensive third-level product support focused on addressing any bugs within the midPoint product. Moving beyond bug resolution, the Platform Subscription offers a premium service scope, such as developing missing features, enhancing the midPoint core, refining product documentation, and providing useful product samples. It is worth mentioning our fruitful collaboration with the higher education community.
Through our Academic Subscription, institutions in this sector can access third-level product support and additional bonus services, further enriching their midPoint experience.
In addition to other benefits subscriptions bring, active subscribers can enjoy exclusive access to certain self-paced training courses included in their subscription. This empowers them to delve into our training curriculum at their own convenience and train their IAM team.
We also offer paid training courses, providing users with flexible options to suit their preferences. Whether it is on-site, virtual live, or self-paced formats, users have the freedom to choose the training style that best fits their needs.
Find out more at:
www.evolveum.com
How does Evolveum ensure the security and scalability of midPoint deployments, especially in complex or highly regulated environments?
It has been quite a journey since we kicked off the midPoint project back in 2011. Initially, our primary focus was to cater to mid-size organizations. However, as time went on, midPoint evolved and our deployments became increasingly expansive and ambitious. Today, midPoint isn’t just being utilized in organizations with a couple hundred employees; we have seen it successfully deployed in environments with tens of millions of identities.
In fact, our recent endeavor, midScale, is specifically designed to support midPoint deployments of such massive scale.
Thanks to the invaluable feedback from our community, which stems from their extensive exploration and testing of midPoint, we have been able to enhance its stability and security to a level that surpasses many closed-source products. While we do prioritize issue reports from our subscribers, it is essential to emphasize that security concerns always take precedence. Following the resolution of any security issue, Evolveum promptly publishes security advisories at the appropriate time.
In 2019, midPoint was afforded a significant opportunity to participate in the EU-Free and Open Source Software Auditing (EU-FOSSA2) bug bounty program, wherein hackers from across the globe rigorously tested its security and integrity. Furthermore, in 2023, midPoint underwent a thorough penetration test conducted by Radically Open Security. This assessment involved auditing the source code and conducting penetration tests on various aspects in collaboration with Evolveum. Thanks to these initiatives, alongside similar efforts, midPoint stands today as more secure than ever before.
In addition to prioritizing security, at Evolveum, we recognize the significance of adhering to regulatory standards and requirements from various entities, including government bodies and international organizations. As a vendor, we place great importance on compliance frameworks, such as the NIST Cybersecurity Framework, ISO 27000 series, GDPR, and NIS2.
Through our open-source identity governance and administration platform, we are actively assessing how midPoint can assist organizations in achieving compliance. While official certification is typically granted to institutions, midPoint plays a crucial role in helping organizations meet the necessary requirements for compliance. Looking forward, we are committed to enhancing our platform by integrating built-in tooling, such as compliance checklists and dashboards. These features will further empower our users on their compliance journey and ensure they remain aligned with regulatory standards and requirements.
So, whether it is ensuring the security or scalability of midPoint deployments, even in the most complex or highly regulated environments, rest assured, we are constantly innovating to meet the evolving needs of our users.
