On-Premise. Federated Identity

OFIS is an on-premise federated identity management system that provides seamless and secure access to thousands of applications using Single Sign-On technology. Integrated with our Virtual Identity Server (VIS), OFIS provides multi-factor authentication and authorization from any data store.

OFIS is an on-premise offering from Optimal IdM that provides everything you need in a federated single sign-on solution.

With it, users — whether on-premise, cloud hosted or federated — have seamless access to applications in the cloud and/or on-premise.

OFIS is much more than just a self-service password reset tool for Active Directory. The application’s built-in entitlements framework engine provides an easy-to-use and powerful claims-based authorization solution. Application administrators define entitlements and specify both who can request access to them and who can approve or deny access. Using the web interface, users’ requests are routed via email and delegated to administrators to approve or deny. As users authenticate, these additional entitlement/claims are added to the claims sent to the application.


Increased Security and Control

Eliminate Deployment Barriers

The Virtual Identity Server provides an enhanced application environment. VIS allows organizations to rapidly and easily deploy applications to users existing in multiple Active Directory forests or directories.

  • The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third party LDAP applications.
  • VIS allows you to rapidly deploy applications to users existing in multiple Active Directory Forests without any forest trusts.
  • VIS simplifies your identity management deployment by accessing data at its source directly.
  • VIS provides multiple views of data, allowing for easy, discrete application views of enterprise data.

Reduced IT Costs

By providing a federated single sign-on for your users, OFIS increases the value of your existing Microsoft environment. Both applications:

  • Leverage the existing investment in Microsoft technology, extending it with increased functionality.
  • Are developed in .NET technology and are designed to integrate seamlessly with your Microsoft environment.
  • Continue to grow with an organization’s needs.
  • Are proven solutions for Microsoft applications such as SharePoint and MIIS/ILM.

Meet Audit and Compliance Initiatives

A complete federated identity provider, OFIS can help you answer questions such as:

  • Who has logged in and when?
  • What changes were made to data and when?
  • Who was added to the Administrators group today?
  • What changes did “Bob” make?

Cloud vs. OFIS Comparison

Understanding cost differences between Identity as a Service (IDaaS) and On-Premise Deployments


Usage of the cloud has become more and more prevalent, even for areas that were classically on premise deployments.  For example, the cloud Identity as a Service (IDaaS) market has grown substantially over the last few years.  A major reason for the cloud adoption is that organizations have started to understand the true costs of maintaining an on premise identity deployment.

Historically organizations didn’t realize the true cost of maintaining the solution until after it was purchased and deployed.   Once deployed, employees needed to be trained and become “experts” to be able to fully support and maintain the environment and unfortunately many identity management deployments are complicated. Over time organizations have started to realize that by leveraging cloud solutions they can effectively outsource these deployments to organizations that specialize in certain areas.


Does OFIS provide audit capabilities?

Yes. All activity is optionally logged to a Microsoft SQL Server database. This includes: who authenticated, when, how, to what application and with what claim values. There are audit reports that come out of the box for an administrator to run.

How can I control who has access to what applications using OFIS?

Using the built-in Entitlements system of OFIS, an administrator can create custom claims that users can request access to. When a user requests access, the built-in workflow sends the request to either a delegated administrator or a claims administrator for approval or denial. If approved, this additional claim is added (claims are augmented) to the list of claims after authentication. These claims can be utilized to create very granular, fine-grained access to not only applications but also specific permissions such as a SharePoint document library.

What applications does OFIS provide authentication for?

OFIS is a 100% full Federation solution that can provide access to any application that supports the federation standards. This includes both on-premise applications and cloud applications such as Salesforce, Concur, Office 365, etc.

Does OFIS provide any way to host other identities such as partners or customers?

Yes, this is built into the solution. Users can be created manually using the web interface, or they can self-register using the built-in self-registration module that includes workflow approval of users.