Identity Warehouse & Sync Services

Identity Warehouse, Sync Engine and Identity Correlation

The EmpowerID Identity Warehouse and synchronization services are used to inventory connected systems, process changes through rules and policies, and then push the appropriate changes out to the affected systems. The Identity Warehouse and sync services use the inventoried information to perform identity correlation and link disparate application user identities with the actual people who use them.

In addition to these traditional functions, the EmpowerID Identity Warehouse acts both as an Identity Warehouse and as a directory. As an Identity Warehouse, EmpowerID inventories and stores the resources that exist in managed systems, the rights assignments for these resources as assigned in those systems, and the definitions of rights (or roles) used by those systems. The Identity Warehouse also stores EmpowerID RBAC information, such as the definition of EmpowerID roles, role assignments for managed system resources, business location structures for delegation, dynamic RBAC policies for provisioning or de-provisioning resources, and all other RBAC policies and settings.

As a directory, the EmpowerID Identity Warehouse is able to perform user authentication for EmpowerID and any other applications that support SAML, WS-Trust, OAuth, RADIUS, or the Microsoft Membership and Role provider model. The Identity Warehouse maintains a Person object for each human person that uses or is managed by the system and anchors any accounts that a person may own in foreign systems to that one Person object. The Person object is what authenticates a user into the EmpowerID system and allows them to perform any tasks authorized by their security assignments. Applications may leverage EmpowerID for authentication in lieu of requiring an Active Directory account or simply leverage EmpowerID for single sign-on (SSO).

Key Features:

  • Synchronizes information between directories, systems, and applications including AD, LDAP, HR, ERP, database applications, and custom applications
  • White page views of Identity Warehouse information provide friendly and interactive end-user interfaces for viewing and managing consolidated directory information
  • Extensibility that allows organizations to define their own types of protected resources, rights definitions, roles, and policies
  • Distributable and scalable multi-instance sync engine capable of handling the largest and most demanding environments
  • RBAC Identity Warehouse encompasses resources and their rights assignments within managed systems in addition to the common Identity Warehouse function of managing user accounts
  • Identity Warehouse acts as an extranet or application directory for applications that support federation standards or the .NET Membership and Role Provider model
  • Active Directory Password Change Agent resides on Domain Controllers and captures native password changes
  • Dynamic policy enforcement platform automates many aspects of account management and policy-based provisioning and rights assignment across enterprise systems and directories
  • Syncs password changes and unlocks between Active Directory, LDAP, and custom applications