Optimal IdM
Optimal IdM delivers a cloud identity service (The OptimalCloud) with standards-based SSO, MFA (including passkeys/WebAuthn), and lifecycle automation via SCIM 2.0. It’s complemented by Virtual Identity Server (VIS), a virtual/universal directory that unifies multi-forest and heterogeneous identity sources, and by an Authentication-as-a-Service (AaaS) offering for MFA/passwordless APIs.
Key Capabilities
- Standards-based federation & brokering: Operates as an IdP and broker across SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation/WS-Trust, bridging external IdPs and applications.
- MFA & passwordless: Enforces TOTP, push, SMS/email/voice, and FIDO2/WebAuthn passkeys for passwordless sign-in and step-up authentication.
- SCIM provisioning: Supports SCIM 2.0 for inbound provisioning into The OptimalCloud and outbound provisioning to target services to automate user lifecycle.
- Multi-forest & heterogeneous directories: Uses VIS to present a unified, policy-controlled directory view across AD forests and other identity stores for claims-based apps (e.g., Microsoft 365).
- Partner/multi-tenant operations: Provides a Partner Platform for white-label, multi-tenant onboarding and delegated administration.
Limitations
- Advanced OAuth profiles: Public materials emphasize core OAuth/OIDC/SAML; there isn’t enough information to confirm support for PAR, DPoP, or mTLS-bound tokens.
- SCIM documentation depth: SCIM 2.0 is stated, but detailed schema/endpoint references are sparse; validate specifics for your targets.
- Ecosystem complexity: The mix of The OptimalCloud (SaaS), VIS (virtual directory), and AaaS introduces more moving parts than a single-SKU SaaS IdP.
- On-prem vs. cloud split: While VIS and on-prem federation components (e.g., OFIS) exist, most modern capabilities are positioned within The OptimalCloud.