Meet Inalogy at the midPoint Community Meetup 2026

When you pick a proprietary IGA platform, your roadmap is decided in a closed meeting room in Redmond or Austin. When you pick open source, you can be in the room. The Evolveum midPoint community meetup 2026 runs 12–15 May in Prague, and two Inalogy engineers are on the agenda. Here is what they are presenting, and why the meetup is worth your calendar slot even if your team is not yet on midPoint.

Why the Roadmap Room Is a Procurement Criterion

Identity governance is a ten-year decision. The tool you pick this year will be in production after most of the people who picked it have changed jobs. That makes one question more important than any feature matrix: who decides where the platform goes next, and how do you get a seat at that table?

With proprietary IGA, the answer is short. You do not. You file an enhancement request, it joins a backlog, and a product manager you will never meet decides whether it ships in a release two years out. If your use case is niche — public sector, higher education, specific regulatory markets — you will be outvoted by the top ten customers every time.

The midPoint community meetup is the opposite of that dynamic. It is the one week each year where the engineering team behind midPoint, the implementation partners, and the customers running it in production are in the same room, working through what should ship next. There is no product-marketing filter. The decisions made in Prague in May turn into commits in the repository within weeks.

Two of those decisions over the past few years came directly from the Inalogy team. That is the context for the sessions below.

Two Sessions, One Thread: midPoint Reaching Past Its Own Borders

Inalogy has two talks on the meetup agenda this year, and although the topics look different at a glance — one about authentication strength, one about inbound data modelling — they are both addressing the same underlying problem. Traditional IGA draws a clean line around itself: identities in, provisioning out, everything else is someone else’s system. That line is where most real-world integrations get stuck.

František Mikuš, a Senior IDM Consultant at Inalogy, spent the last year working with the National Bank of Slovakia on the question of what happens when governance decisions should actually drive authentication decisions — when the Level of Access computed inside midPoint needs to reach into Keycloak and change the user’s login experience in real time. His session Who Are You, Really? LoA From Governance to Auth Flow walks through the production design.

Peter Javorka, also a Senior IDM Consultant at Inalogy, comes at the same problem from the opposite direction. His day-to-day work spans the full project lifecycle — gap analysis, architecture, configuration, deployment, production support — for public-sector and enterprise clients often deploying structured identity management for the first time. Before Inalogy he did identity governance at scale inside a large corporate environment: complex organizational structures, multi-source HR feeds, approval workflows, strict compliance. His session Beyond Attribute Mapping: Shadow Associations for Relational Identity Inbound shows how midPoint can consume relational source data natively, instead of flattening it into attributes and reconstructing the relationships downstream with scripts.

The common thread: in both cases, midPoint stops being “just the provisioning engine” and becomes the authoritative source for a decision that another system (Keycloak on one end, the target application on the other) will act on. That is the direction the platform is moving, and the two sessions below are concrete, shipped examples of where it already works.

Session 1 — František Mikuš (NBS): Who Are You, Really? LoA From Governance to Auth Flow

Identity governance and authentication are usually treated as separate concerns. The IGA team decides who should have access; the IAM/SSO team decides how they prove they are themselves. The gap between the two is where most adaptive-authentication programmes quietly fail — strong policies on paper, a blunt “always MFA” setting in production.

František walks through a real-world implementation built for the National Bank of Slovakia (NBS) where midPoint directly drives the authentication strength a user is subjected to. The design computes each user’s Level of Access (LoA 1–3) from their roles and organizational context, then orchestrates the prerequisites before authentication ever happens:

• Requesting or issuing certificates from a CA (for lower LoA levels midPoint issues directly).
• Assigning the governance roles that determine which authentication factors — OTP, smart card, push — the user is permitted to use.
• Propagating the computed LoA as an attribute that downstream systems can consume.

Red Hat Build of Keycloak then takes midPoint’s output and enriches it with its own context — client configuration, realm settings, IP address, third-party signals — to determine the final authentication requirement inside a single, seamless flow. The user sees one login prompt, not two.

The key differentiator from off-the-shelf step-up authentication: the design distinguishes factors that are always required from factors that are dynamic. Users are prompted only for what is genuinely missing at the requested LoA, not forced to re-authenticate with factors they already satisfied at a lower level. This is the practical difference between adaptive authentication that users tolerate and adaptive authentication that generates a ticket queue.

Attendees leave with a concrete, production-tested pattern for connecting governance in midPoint to adaptive authentication in Keycloak — end-to-end, role-driven, and already running at a central bank.

Session 2 — Peter Javorka: Beyond Attribute Mapping — Shadow Associations for Relational Identity Inbound

Inbound synchronization typically maps attributes one-to-one from source to target. That works when a person has one job at one employer. It falls over the moment source data is relational — one user belonging to multiple organizations, each with its own role, grade, and validity window.

Peter’s session shows how midPoint’s shadow associations handle inbound synchronization of relational identity data without flattening or post-processing. Instead of collapsing multi-valued memberships into user attributes, each organizational relationship is synchronized as a separate association carrying its own metadata. A teacher who also works as an administrator at a second school comes in as two distinct associations on the same user — not as a pipe-separated string that some script has to parse downstream.

Those associations then drive what happens next: which accounts get provisioned, which licenses get assigned, what access each institution grants. Everything is resolved per association, not per user. The pattern removes the class of bug where a post-processing script tries to reconstruct relationships that were already lost during import.

Peter walks through the implementation end-to-end:

• How source systems feed data through intermediate database tables.
• How ScriptedSQL connectors expose relational data as associations.
• How midPoint’s inbound mappings turn those associations into organizational assignments with full extension metadata attached.

If your identity feed has ever arrived as a CSV with pipe-separated role lists and you wrote a 200-line script to unpack it, this session is written for you. The shadow-association pattern is what replaces that script.

Why This Meetup Matters If You’re Evaluating midPoint

If you are on the fence about open-source IGA, the meetup is the single best four days of diligence you can do. Here is what you actually get in Prague that you cannot get from a vendor demo:

• Roadmap transparency. The Evolveum engineering team presents what is in the next release and what they are considering for the one after that. You can ask, on the spot, whether your use case is on the list.
• Unfiltered customer conversations. Every person walking around Prague has midPoint in production. Ask them what breaks, what they wish were different, and what they would pick again. Nobody is on stage selling anything.
• Patterns you cannot Google. The two sessions above are examples — production designs that have been battle-tested and are now documented well enough to copy.
• Direct access to partners. Inalogy and every other serious midPoint integrator is there. If you are coming off a legacy platform — MIM or SAP IDM — you can book a half-hour of real technical time on the sidelines and get actual answers.

This is also why the midPoint community meetup is part of our argument for European identity data sovereignty. A European-headquartered open-source project, with a partner ecosystem across the continent, holding its annual working meeting in Prague — this is what digital sovereignty looks like in practice, not just in position papers.

If You Cannot Attend in Person

Not everyone can carve out four days in May. A few ways to still get value from the meetup:

• Session materials. Both Inalogy presentations will be made available after the event. If you want early access or a walkthrough tailored to your environment, let us know.
• A briefing call. We run condensed, one-hour versions of both sessions for customers and prospects who want the pattern without the flight. The LoA-to-auth-flow walkthrough is particularly useful if your team is currently scoping adaptive authentication.
• Meet us at a nearer event. The Inalogy team also presents at other IAM gatherings across Central Europe and the DACH region. Reach out and we will find one that lines up with your calendar.

The meetup itself is the high point of the year for the midPoint community, but the patterns discussed there keep circulating afterward — on the Evolveum blog, in the community forum, and through partner channels like ours.

Come Find Us in Prague

If you are attending, we would genuinely like to meet. Come to either of František’s or Peter’s sessions, catch us between talks, or book a slot in advance — the schedule fills up fast and the sideline conversations are where the real decisions get made.

If you are evaluating midPoint, considering a migration from MIM or SAP IDM, or trying to connect governance to adaptive authentication in a way that does not annoy your users — these two sessions were built for those exact conversations. Bring questions. Bring your architecture diagrams. Bring the edge cases that you have not been able to solve with your current platform.

The midPoint community meetup is not a conference in the trade-show sense. It is a working meeting. And that is exactly why it matters.

If you would like to schedule time with František or Peter in Prague, or receive the session materials afterward, reach out. We will make it happen.

Inalogy. Identity Governance for the real world.