✨ Key Features
- Hub-and-Spoke Synchronisation: Central metaverse architecture for identity correlation across all connected systems. Bidirectional sync of Users, Groups, and custom object types.
- Multi-Directory LDAP: Active Directory, OpenLDAP, 389 Directory Server, and other RFC 4512-compliant directories, all supported out of the box.
- Container-Native Deployment: Deploys as a single Docker stack with no legacy infrastructure requirements. Bundled or external PostgreSQL.
- Single Sign-On (SSO): OpenID Connect authentication with any OIDC-compliant Identity Provider. PKCE for enhanced security.
- Expression-Based Transforms: Transform data using expressions with built-in functions for common identity operations.
- REST API & PowerShell: Full REST API with OpenAPI documentation, plus a cross-platform PowerShell module for automation and Identity as Code.
- Air-Gapped Ready: Fully functional without internet connectivity. No cloud dependencies -- designed for sensitive and high-assurance environments.
- Extensible Connectors: Built-in LDAP and CSV connectors, with a framework for developing custom connectors for bespoke scenarios.
🎯 Scenarios
JIM supports common Identity Governance & Administration (IGA) scenarios:
- Joiner/Mover/Leaver (JML) Automation: Synchronise users from HR systems to directories, applications, and downstream systems
- Attribute Writeback: Keep HR systems current by writing IT-managed attributes back (e.g. email addresses, phone numbers)
- Domain Consolidation: Prepare for cloud migration, simplification, or organisational mergers
- Domain Migration: Support divestitures and system decommissioning
- Identity Correlation: Bring together user and entitlement data from disparate business applications
🚀 What Makes JIM Different
Enterprise identity synchronisation typically requires cloud connectivity, complex infrastructure, or expensive licensing. JIM takes a different approach: it deploys as a single Docker stack, runs entirely on-premises, and works in air-gapped networks with no external dependencies. Source-available code means you can inspect, audit, and verify everything JIM does with your identity data.
- Air-gapped deployment
- No cloud dependencies
- Container-native
- Source available
- SSO with any OIDC provider
- Full REST API
- PowerShell automation
🗺️ Quick Links
- Getting Started: Deploy JIM and run your first synchronisation.
- Concepts: Understand the metaverse, connected systems, synchronisation rules, and more.
- Administration: Configure, monitor, and manage your JIM deployment.
- Connectors: Connect JIM to LDAP directories, CSV files, and more.
State of Development
JIM has reached MVP completion. The core identity lifecycle is fully functional:
- Import identities from source systems (LDAP, CSV)
- Sync to reconcile identities in the central metaverse
- Export changes to target systems with pending export management
- Schedule automated synchronisation using cron or interval-based triggers
💬 Community & Support
JIM is built in the open. GitHub Discussions is the place to engage with the maintainers and other users.
- Questions and setup help: Start a thread in the Q&A category. Search existing threads first.
- Feature ideas and suggestions: Post in the Ideas category. Upvotes on existing ideas inform roadmap prioritisation; prefer adding signal to a duplicate over creating a new thread.
- Bug reports: Open a GitHub Issue.
- Security vulnerabilities: Follow the Security Policy; please do not report security issues in public Issues or Discussions.
Licensing
JIM uses a Source-Available model where it is free to use in non-production scenarios, but requires a commercial licence for use in production scenarios. Full details can be found here.
More Information
Please visit https://tetron.io/jim for more information.