JIM is a modern Identity Management system designed for organisations with complex identity synchronisation requirements. It is self-hosted, container-deployable, and works in both connected and air-gapped networks. Features include:
- Hub-and-spoke architecture using a central metaverse for identity correlation
- Bidirectional synchronisation of Users, Groups, and custom object types (e.g., Departments, Roles, Computers)
- Multi-directory LDAP support: Active Directory, OpenLDAP, 389 Directory Server, and other RFC 4512-compliant directories
- Built-in scheduler that supports parallel operations
- Tested at 100K+ object scale with bounded memory pipelines
- Transform data using expressions with extensive built-in functions for common identity operations
- Extensible with custom Connectors (fully testable)
- Modern Web Portal and REST API with interactive Scalar API reference (in-app at `/api/reference` and published at tetronio.github.io/JIM/api/reference/)
- PowerShell automation for Identity as Code (IDaC) - deploy JIM instances in minutes, not months
- Realtime activity monitoring
- Single Sign-On (SSO) using OpenID Connect
- Dark/Light mode
📖 Read the full documentation
Getting started guides, architecture deep-dives, API reference, and PowerShell automation
Enterprise identity synchronisation typically requires cloud connectivity, complex infrastructure, or expensive licensing. JIM takes a different approach; it deploys as a single Docker stack, runs entirely on-premises, and works in air-gapped networks with no external dependencies. Source-available code means you can inspect, audit, and verify everything JIM does with your identity data.
| Capability | JIM |
|---|---|
| Air-gapped deployment | ✅ |
| Cloud dependencies | None |
| Container-native | ✅ |
| Source available | ✅ |
| SSO with any OIDC provider | ✅ |
| Full REST API | ✅ |
| PowerShell automation | ✅ |
JIM supports common Identity Governance & Administration (IGA) scenarios:
- Joiner/Mover/Leaver (JML) Automation - Synchronise users from HR systems to directories, applications, and downstream systems
- Attribute Writeback - Keep HR systems current by writing IT-managed attributes back (e.g., email addresses, phone numbers)
- Domain Consolidation - Prepare for cloud migration, simplification, or organisational mergers
- Domain Migration - Support divestitures and system decommissioning
- Identity Correlation - Bring together user and entitlement data from disparate business applications
Why choose JIM?
- Modern Architecture - Container-native design with no legacy infrastructure requirements
- Secure by Default - SSO via OpenID Connect, no shared service accounts needed
- Air-Gapped Ready - Fully functional without internet connectivity for sensitive environments
- Source Available - Transparent, auditable code you can inspect and verify
- Actively Developed - Built by identity management practitioners with decades of real-world experience
JIM is a container-based distributed application implementing the metaverse pattern for centralised identity governance.
Components:
- JIM.Web - A website with integrated REST API, built using ASP.NET Blazor Server. The API is available at `/api/`, with interactive Scalar API documentation at `/api/reference`.
- JIM.Scheduler - A background service that triggers synchronisation runs using cron or interval-based schedules, with multi-step sequential and parallel execution
- JIM.Worker - A background service that processes import, sync, and export tasks with crash recovery and parallel execution support
- JIM.PowerShell - A cross-platform PowerShell module (Windows, macOS, Linux) for full configuration and automation of JIM, enabling Identity as Code (IDaC)
- A database - PostgreSQL
For detailed architecture diagrams (Component level), see the Architecture documentation.
The fastest way to get JIM running:
```bash
curl -fsSL https://tetron.io/jim/get | bash
```
This downloads everything you need, walks you through configuration, and starts JIM. For manual setup, air-gapped deployment, and production hardening, see the Getting Started guide.
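Where piping a download straight into a shell is not acceptable, the same installer can be fetched to a file, checked against a digest recorded when the script was reviewed, and only then executed. This is an added example, not part of the JIM project: the function names are hypothetical and `EXPECTED_SHA256` is a placeholder, since the page publishes no checksum.

```bash
#!/usr/bin/env bash
# Added example: download-then-verify alternative to `curl ... | bash`.

INSTALLER_URL="https://tetron.io/jim/get"                 # URL from the page
EXPECTED_SHA256="<sha256-of-the-installer-you-reviewed>"  # placeholder (assumption)

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and its digest equals the pinned value.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    actual="$(sha256_of "$file")" || return 2
    # Hex digests are compared case-insensitively.
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = \
      "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Download to a file (never into a shell), verify, then execute.
install_pinned() {
    local url="$1" expected="$2" tmp rc
    tmp="$(mktemp)" || return 1
    # --proto '=https' makes curl refuse any non-HTTPS URL or redirect.
    if ! curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"; return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch for $url; not executing" >&2
        rm -f "$tmp"; return 1
    fi
    bash "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage, after reviewing the script and recording its digest:
#   install_pinned "$INSTALLER_URL" "$EXPECTED_SHA256"
```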
The devcontainer includes everything pre-configured: .NET 10.0, PostgreSQL, Keycloak IdP with test users, shell aliases, and VS Code extensions. Or clone locally and open with the Dev Containers extension. See the Developer Guide for details.
```powershell
Install-Module -Name JIM
Connect-JIM -Url "https://jim.example.com"
```
JIM includes a cross-platform PowerShell module for scripting, automation, and Identity as Code (IDaC).
JIM has reached MVP completion (100%). The core identity lifecycle is fully functional:
- Import identities from source systems (LDAP, CSV)
- Sync to reconcile identities in the central metaverse
- Export changes to target systems with pending export management
- Schedule automated synchronisation using cron or interval-based triggers
For detailed feature checklists and post-MVP roadmap, see the Roadmap.
JIM uses a Source-Available model where it is free to use in non-production scenarios, but requires a commercial license for use in production scenarios. Full details can be found here.
- Documentation: tetronio.github.io/JIM
- Product site: tetron.io/jim

