Identity Information Broker: Everything you need to know
Our my-IAM platform works with identities of all kinds – whether employees, partners, customers, or other external contacts. It doesn’t matter whether these identities are located within or outside the company.
The my-IAM platform serves as a modern identity information broker. But what exactly does that mean? And how does it differ from a traditional identity provider? We’ll explain.
Index
What is an identity information broker?
An identity information broker is a system that collects, consolidates, and enriches identity data from different sources and makes it available for a wide variety of applications and services. Unlike traditional identity providers (IdPs), which primarily authenticate identities and enable single sign-on, an identity information broker acts as an intermediary and distributor of identity information – regardless of the source or target system.
Core functions of an identity information broker
Integration of multiple identity sources: Connects directories (e.g., Active Directory, Entra ID), HR systems, CRM, specialist applications, and much more.
Consolidation and enrichment: Consolidates identity and group data, cleans up duplicates, performs mapping and merging, and enriches information according to defined logic.
Real-time provisioning: Delivers current identity data and group memberships where they are needed – for people, applications, or connected services.
No separate authentication: Uses the authentication of the source systems and target applications, but does not perform any authentication itself.
Distributed identity management: Enables identities of all kinds (employees, customers, devices, rooms, etc.) to be used across systems – everything is maintained “locally.”
Individual provisioning & self-service: Users and departments can maintain identity information themselves and use it immediately in various apps – without central administration.
Why do you need an identity information broker?
An identity information broker such as my-IAM significantly reduces the integration effort within the company: Instead of having to connect many different systems – such as HR, CRM, or Active Directory – individually and synchronize them in a time-consuming process, a single interface to my-IAM is all you need.
👉 This provides consolidated identity data from all relevant sources via a uniform API, always in the same format.
The broker handles the general integration, data preparation, and standardization – no longer each individual target application.
This reduces complexity, minimizes sources of error, and lowers development and implementation costs. As a result, departments can focus on using the data without having to deal with the technical idiosyncrasies or formats of different systems.
How does an identity information broker differ from a traditional identity provider?
| Identity Information Broker | Identity Provider | |
| Focus | Integration, consolidation, and provisioning of identity data | Authentication & SSO |
| Data sources | Many different source systems | Usually a central source |
| Provision | Provides identity information & groups in other systems | Authenticates users, passes tokens to applications |
| Life cycle | Life cycle remains in the source systems – broker synchronizes and consolidates | Management of identities mostly in its own system |
| Target groups | All identities: e.g. internal, external, devices, organizational units | Internal users, partners (if applicable) |
| Use cases | Holistic identity management, address book, group management, self-service | SSO, authentication, assignment of authorizations |
Practical example: my-IAM as an identity information broker
The my-IAM platform explicitly sees itself as an identity information broker. Its core idea:
„The focus is not on the identity process itself, but rather on the availability of all identities in all applications.“
The platform consists of various backend and frontend services:
Typical features of the my-IAM platform:
-
Distributed identity management: my-IAM integrates identities from a wide variety of systems without central migration or complete takeover of processes.
-
Real-time data provision: Services such as RealIdentity consolidate identity data from AD, Entra ID, CRM, or HR systems in real time. The data remains in its home location and is linked and synchronized via interfaces.
-
Group management: With RealGroup, groups and members from different source systems are consolidated, duplicates are removed, and the data is made available for SaaS applications (such as M365, Salesforce), internal systems, and security infrastructures.
-
Self-service: Employees can maintain their own contact data, and departments can manage group memberships, all with maximum flexibility and customizability.
-
Headless integration: The platform is interface-based, flexibly scalable, and can continue to use existing authentication systems. It does not replace existing authority systems, but intelligently connects them with each other.
Example applications of an identity information broker
Building a cross-organizational identity directory without system migration
The SaaS solution PeopleConnect compiles identity data from various source systems and presents it in a modern user interface. This gives companies a cross-organizational overview of all internal and external contacts.
PeopleConnect can be used as a separate app or directly in Teams.
With PeopleConnect, it is possible to create new identities using individual templates and edit users.
Read our project report on a successful Mendix connection to replace an outdated organizational directory:
👉 Use different identity data for Mendix application
Automated provisioning of group memberships in cloud applications
The IDM-Portal, an identity and access management solution from FirstAttribute, uses the services of the my-IAM platform to display users and their group memberships from different directories on a user-friendly interface.
User and group information from various directories can be accessed and edited in the IDM-Portal.
The portal writes back to the source systems, meaning that changes to users or group memberships are immediately transferred to AD and Entra ID. This eliminates the need for time-consuming switching back and forth between different applications. Automated processes ensure that all permissions are immediately revoked when user attributes are changed.
Summary
An identity provider is the classic system for authentication and single sign-on. It usually manages identities centrally and is particularly well suited for access and authorization control. An identity information broker such as my-IAM, on the other hand, offers maximum flexibility in the integration and use of identity data – for today’s modern distributed, heterogeneous, and hybrid system landscape.
The result: Companies can accelerate their digital transformation while avoiding system disruptions, reducing complexity, and optimally mapping individual requirements for modern identity management.
More about the my-IAM platform
The my-IAM platform combines all identities from different source systems and makes them available for applications and apps of any kind. In addition to the MS Teams-integrated app my-IAM PeopleConnect, it includes the business services my-IAM RealIdentity and my-IAM RealGroup.
You can also reach us by phone at
+49 8196 998 4330.
