Identity Management

Automated Provisioning and Unified Identity Administration


EmpowerID provides workflow-driven user provisioning and multi-directory identity and resource administration. By automating the entire process of provisioning, managing, and de-provisioning user accounts and application access across multiple directories, EmpowerID unifies the management of users, mailboxes, and other resources under a single role-based delegation and administrative model. One set of centrally-managed access and automation policies eliminates the tedious, repetitive, and labor-intensive manual procedures required to provision and manage access for both on-premise and cloud systems.



HR-Driven Provisioning

For many enterprises, the Human Capital Management (HCM) system is the authoritative source of user data for employees and all status changes - including pre-hire interview process, start-date, transfers and terminations - are managed and initiated within the HCM. EmpowerID integrates with an organization’s HCM to provision to both cloud and on-premise applications, EmpowerID ensures that each user has the correct application accounts, based on either a role, group membership or user request. Of equal importance to provisioning user accounts is de-provisioning user accounts, either due to off-boarding or role change.

Non-HR Driven Provisioning (Contractors, Partners, and Customers)

Not all users that require access to an organization’s IT systems will reside in an HCM system yet the same level of security and automation is required. For these identities, EmpowerID provides flexible and easy to use workflow processes to automate onboarding, transfer and offboarding. The same policy-based provisioning engine automates what gets provisioned for these identities based on their roles, and organizational affiliation.

External Identity Directory

Your business exists outside of your employee base, external users need accounts on your network and it doesn’t make sense to provision AD accounts for them. The EmpowerID Identity Warehouse allows you to off self-registration and manual provisioning of accounts for your suppliers, partners, customers and other external users without compromising internal AD security. The Identity Warehouse provides full self-service and delegated administration capabilities that allow end users to manage their passwords and identity associations.

Unified Directory Administration (ADUC Replacement)

Identity Administration – Each user identity has a lifecycle, their roles and responsibilities change often, some estimates as high as a 20+% internal turnover per year. EmpowerID automates these changes when possible and for those that are not, provides a unified RBAC security model, user interface, and hundreds of workflows, covering delegated administration and self-service of Active Directory, LDAP, and custom application users and groups, Exchange mailboxes, and Lync without requiring delegation of native permissions. The unification of administration into a single web interface and set of workflows with a single robust Role-Based Access Control security model eliminates complex permission management in these systems and drives down ongoing costs associated with IT administration.

Group Management

Groups are vital to an enterprise, whether it is Active Directory groups, LDAP groups or SharePoint groups. With a user account, your employees can log on to the network or application. With group memberships, they can accomplish their jobs. EmpowerID offers a central place to manage group membership either dynamically or through self-service for all of types of groups. Auditors love the ability to attest to group membership or group permissions. Group lifecycle gives you the ability to clean up unused or unwanted groups on a scheduled basis. Map groups to roles or have them managed standalone, EmpowerID gives the option and choice.

SharePoint Access Management

Close collaboration with partners is often the key to staying competitive in today's digital economy and a SharePoint portal is often the center piece of this collaboration infrastructure. The challenge is that securely managing IDs and access can be slow and cumbersome for your IT staff and often time-consuming. EmpowerID was designed to provide a complete multi-tenant access management solution for SharePoint without requiring any customizations. EmpowerID includes everything needed including a universal identity store, self-service user interfaces and workflows, and all of the security controls to manage and recertify SharePoint access.

Mailbox and File Share Management

EmpowerID inventories shared folders, Exchange mailboxes, and their permissions to provide centralized access reporting and audit, delegated permissions administration, automated role-based access control, and self-service access request workflows. EmpowerID also provides full delegated administration and automated provisioning of mailboxes for on-premise Exchange and Office 365.

Password Management

Forgotten passwords lead to frustration and are typically the number one source of helpdesk calls. EmpowerID reduces these incidents notifying users before their passwords expire and when needed, allowing them to securing reset their forgotten passwords from their Windows login screen, the web or their mobile device without requiring helpdesk intervention. And with the password change detection agent for Active Directory, native password changes and captured to always keep a user’s passwords in sync.

Role Management

EmpowerID includes a powerful 3-tiered role model that combines the structured approach of traditional RBAC with the dynamic flexibility of attribute-based access control (ABAC). These policies extend to control access to all of your systems, eliminating the need to grant administrators native permissions.

A shopping cart experience simplifies the role access request process. Users simply search for the roles or access they need and add them to their cart.

Periodic recertification and risk management ensure that role audits are performed quickly and easily using built-in recertification policies that snapshot the members for each role and the access they grant.

Broad System Connectivity

EmpowerID supports user provisioning and security management for on premise and cloud systems using both its Identity Warehouse and synchronization services as well as providing the ability to perform live real-time administration using workflows. The most popular systems are fully supported with in-depth functionality for provisioning and administration in systems such as Office 365, Google Apps, Amazon AWS, SalesForce.com, AD, LDAP, AS/400, Box.com, local groups on Windows Servers, SharePoint, and others. Custom-developed applications can be easily accommodated using the EmpowerID Universal Connector. The Universal Connector greatly simplifies connecting EmpowerID to a custom system, saving time by allowing staff to start building connectors immediately without specialized training.

Key Features and Benefits:

  • Reduces the cost of user provisioning by eliminating tedious, repetitive, and labor-intensive manual procedures
  • Frees constrained technical resources by securely delegating to users and privileged staff
  • Strengthens security and assists with compliance requirements by providing instant reports on user access to resources and user activity history
  • Streamlines ongoing delegated administration of multiple directories and applications from a single unified console
  • Reduces risk by automating group membership and application role assignments, eradicating the threat of privilege accumulation
  • An Identity Warehouse and sync engine inventories and continuously monitors directories for changes and then syncs those changes to all subscribing directories
  • Role-based provisioning policies determine the user accounts, mailboxes, home folders, and other resources to be created in various enterprise systems based upon a person's job function and location
  • Fully programmable allowing all user management actions to be exposed via a secure web services API
  • Rich audit trail of all activity meets the key requirements of corporate compliance and governance initiatives
  • Workflows to restore deleted users and bring back their attribute values and group memberships

Call Toll Free:
1.877-996-4276