Architecting and Managing IDM Managed Objects

by Zain Rizvi


In a recent data modeling project where entities were highly interconnected, our team at Nulli had to go through multiple iterations of designing a data model in Neo4j's arrows.app and then implementing it in ForgeRock Identity Management (IDM) to test whether the model satisfied the project requirements. Some iterations required only minor changes to the data model, while others needed a complete overhaul. Regardless of how much changed between iterations, the process was tedious and error-prone: for every iteration, the data model design team had to work with the engineering team to verify the new ForgeRock IDM representation of the data model, further delaying the implementation.

To simplify the implementation phase in each iteration, we developed a proprietary tool called Graph2IDM. The following is an overview of how to use Graph2IDM to automate the implementation of the data model in IDM in just a few steps.

Step 1: Design the Data Model

We chose to work with arrows.app by Neo4j since it allows us to draw the data model as a directed, edge-labeled graph with properties on both nodes and relationships. The image below shows a sample data model consisting of the User and Application object types along with singleton-type and JSON-type properties. The image also includes annotations that provide the metadata for both the object types and their properties. Note that usesApp is the property that relates the User object type to the Application object type.

[Image: Sample Data Model]

Step 2: Import Data Model into Neo4j

Because we designed the model in arrows.app, we could export it as a Cypher CREATE query without any extra work. Once exported, we executed the Cypher CREATE query against the Neo4j database instance.

Step 3: Extract Current IDM Schema File

In this step, we extract the object schema file from our IDM instance. The IDM object schema file is found at <Base_IDM_Directory>/conf/managed.json. A benefit of Graph2IDM is that it works with any existing managed.json file: it updates the IDM schema file to incorporate the data model designed in Step 1. Even when working with a new IDM deployment, we still have the default managed.json file that ships with IDM.

Note that we did not define the whole schema in our design; instead, we only created the objects and properties that are relevant to the data model updates we wish to make. These updates can include both new and existing objects and properties.

[Image: Extracted Source managed.json File]

Step 4: Execute Graph2IDM

To generate a new IDM schema file, Graph2IDM connects to the Neo4j instance populated in Step 2 and reads the managed.json file extracted in Step 3. The generated IDM schema file carries over the schema defined in the source managed.json file and adds the changes designed in Step 1.

[Image: Executed Graph2IDM]

Step 5: Deploy the new IDM Schema File

We are now ready to deploy the newly generated IDM schema file into our IDM instance and test the latest data model design.
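As an added example, not Nulli's Graph2IDM and not ForgeRock code, the following Python script performs the transformation that Steps 1 through 4 describe: object types, properties and relationships drawn as a graph are merged into an existing managed.json without discarding anything that file already defines, and a new Application object plus a usesApp relationship on User come out the other side. It also includes a pre-deployment check for Step 5 that flags relationship properties whose target object is missing from the file. The in-memory graph (standing in for the Neo4j export), the property kinds "singleton" and "json", and the sample managed.json are all constructed for this example; the relationship-property layout (type relationship, reversePropertyName, resourceCollection) follows the IDM managed.json conventions as I know them, but treat it as an assumption and compare it against your own managed.json.

```python
# Added example (not Graph2IDM, not ForgeRock code): merge a graph-shaped data
# model into an existing IDM managed.json structure without clobbering it.
import copy
import json

# Constructed graph export (assumed shape; not arrows.app or Neo4j output).
# Nodes are managed object types, node properties map attribute -> kind, and
# relationships become relationship properties on the source object.
GRAPH = {
    "nodes": [
        {"id": "n0", "label": "User", "name": "user",
         "properties": {"userName": "singleton", "preferences": "json"}},
        {"id": "n1", "label": "Application", "name": "application",
         "properties": {"appName": "singleton", "termsOfUse": "json"}},
    ],
    "relationships": [
        {"from": "n0", "to": "n1", "name": "usesApp", "reverse": "usedBy"},
    ],
}

# Constructed stand-in for the managed.json extracted in Step 3.
MANAGED_JSON = {
    "objects": [
        {"name": "user",
         "schema": {"type": "object",
                    "properties": {"userName": {"type": "string", "title": "Username"},
                                   "mail": {"type": "string", "title": "Email"}},
                    "order": ["userName", "mail"],
                    "required": ["userName"]}},
    ]
}

# Graph property kinds -> JSON schema fragments (assumed mapping).
TYPE_MAP = {"singleton": {"type": "string"}, "json": {"type": "object"}}


def find_or_create_object(managed, name, title):
    """Return the managed object called `name`, creating an empty one if absent."""
    for obj in managed["objects"]:
        if obj["name"] == name:
            obj["schema"].setdefault("properties", {})
            obj["schema"].setdefault("order", [])
            return obj
    obj = {"name": name, "schema": {"type": "object", "title": title,
                                    "properties": {}, "order": [], "required": []}}
    managed["objects"].append(obj)
    return obj


def add_property(obj, prop_name, definition):
    """Add a property unless the schema already defines it; the existing one wins."""
    props = obj["schema"]["properties"]
    if prop_name in props:
        return False
    props[prop_name] = definition
    obj["schema"]["order"].append(prop_name)
    return True


def relationship_property(target, reverse_name):
    """IDM-style relationship property pointing at managed/<target> (assumed layout)."""
    return {"type": "array",
            "items": {"type": "relationship", "reverseRelationship": True,
                      "reversePropertyName": reverse_name, "validate": True,
                      "resourceCollection": [{"path": f"managed/{target}",
                                              "label": target.capitalize(),
                                              "query": {"queryFilter": "true",
                                                        "fields": ["_id"]}}]}}


def merge_graph_into_managed(graph, managed):
    """Return (new managed.json, change report); the input schema is not mutated."""
    merged = copy.deepcopy(managed)
    nodes = {n["id"]: n for n in graph["nodes"]}
    report = {"objects_created": [], "properties_added": [], "properties_kept": []}
    for node in graph["nodes"]:
        existing = {o["name"] for o in merged["objects"]}
        obj = find_or_create_object(merged, node["name"], node["label"])
        if node["name"] not in existing:
            report["objects_created"].append(node["name"])
        for pname, kind in node["properties"].items():
            if kind not in TYPE_MAP:
                raise ValueError(f"unknown property kind {kind!r} on {pname}")
            added = add_property(obj, pname, dict(TYPE_MAP[kind]))
            report["properties_added" if added else "properties_kept"].append(f"{node['name']}.{pname}")
    for rel in graph["relationships"]:
        src, dst = nodes[rel["from"]], nodes[rel["to"]]
        src_obj = find_or_create_object(merged, src["name"], src["label"])
        dst_obj = find_or_create_object(merged, dst["name"], dst["label"])
        # Forward property on the source object, reverse property on the target.
        if add_property(src_obj, rel["name"], relationship_property(dst["name"], rel["reverse"])):
            report["properties_added"].append(f"{src['name']}.{rel['name']}")
        if add_property(dst_obj, rel["reverse"], relationship_property(src["name"], rel["name"])):
            report["properties_added"].append(f"{dst['name']}.{rel['reverse']}")
    return merged, report


def dangling_relationships(managed):
    """Pre-deployment check: every relationship target must be an object in this file."""
    names = {o["name"] for o in managed["objects"]}
    problems = []
    for obj in managed["objects"]:
        for pname, prop in obj["schema"].get("properties", {}).items():
            items = prop.get("items", prop)  # array-of-relationship or bare relationship
            if items.get("type") != "relationship":
                continue
            for rc in items.get("resourceCollection", []):
                if rc["path"].split("/", 1)[1] not in names:
                    problems.append(f"{obj['name']}.{pname} -> {rc['path']}")
    return problems


if __name__ == "__main__":
    new_schema, changes = merge_graph_into_managed(GRAPH, MANAGED_JSON)
    print(json.dumps(changes, indent=2))
    print("dangling relationships:", dangling_relationships(new_schema))
```

The merge is deliberately conservative: a property already present in the source schema keeps its definition (including titles, validation and policies that the graph never carried), and the change report makes every added object and property reviewable before the file is deployed. Run dangling_relationships on the generated file before copying it into conf/managed.json; a relationship that points at a managed object the file does not define is exactly the kind of mistake that only surfaces after deployment.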

[Image: Deployed New managed.json File]

Once deployment is complete, the schema updates appear in the IDM Admin user interface. The updates produced by the Graph2IDM tool can be seen in the Managed Objects section of the IDM Admin interface. The screen shows the list of managed objects defined in the managed.json file, including the newly created Application object. The details of each managed object type and the updated list of attributes designed in the Sample Data Model can also be seen on this interface.

[Image: Application Object Introduced in IDM]

[Image: Properties for Application Object]

[Image: usesApp Property Introduced for User Object]

[Image: Terms of Use Property Details]

Interested in Graph2IDM? Contact us to discuss how we can help.