• Password Manager
  • User self-service for password resets and account unlocks
  • Password synchronization between enterprise systems and multiple AD domains
  • User interfaces for Microsoft SharePoint, Outlook Web Access, and the Windows Logon screen
  • Profile Manager
  • User self-service for their personal directory information with approval workflows
  • Directory information synchronization between enterprise systems and multiple AD domains
  • Improves the quality of data by providing dropdown lists and enforcing rule-based value generation
  • Provisioning Manager
  • Automated role-based user provisioning and de-provisioning for a broad range of enterprise systems and directories
  • Monitors enterprise systems providing true bi-directional communication of events and changes
  • Self-registration workflows enable users to securely add themselves to directories without administrative intervention
  • Role Enforcer
  • Enables the discovery, administration, auditing, and enforcement of a single role-based authorization model across all resources and systems
  • Role Enforcer modules leverages EmpowerID's flexible Role-Based Access Control (RBAC) to lower costs, reduce errors, and improve security
  • Modules available for: Microsoft SharePoint, Windows File Shares, Windows Print Shares, Microsoft Exchange, Active Directory and LDAP Groups, and Custom Applications
  • ILM Connect
  • Replaces complex provisioning code in ILM Management Agents with visually designed Windows Workflow Foundation workflows
  • Role-Based Entitlement Management for ILM to answer and enforce "who has access to what, why, and for how long?"
  • Increases ILM compliance with enterprise-wide reporting, automated attestation, and separation of duties enforcement
  • Connect Modules
  • Enable EmpowerID's workflow-based provisioning for a variety of directories, operating systems and applications
  • Provide password and profile information synchronization for a wide variety of platforms
  • Connect modules available for: Active Directory, LDAP, Linux/Unix, MySQL, Microsoft SQL, Oracle, Custom Applications, SAP, Midrange (AS/400), Microsoft Identity Lifecycle Manager, and custom applications
  • BPM Studio
  • Visual designer for the EmpowerID Business Process Management Server
  • Allows users to extend out of the box workflows or create entirely new ones
  • Drag and drop designer and property mapper with rich library of shapes
  • Identity Lifecycle Management
  • Automated role-based user provisioning and retirement
  • Password synchronization & self-service reset
  • Directory information synchronization & self-service
  • Delegated identity administration
  • Automated attestation & continuous compliance enforcement
  • Role-Based Entitlement Management
  • Unifies visibility, audit, and enforcement over all enterprise systems with a flexible Role-Based Access Control (RBAC) system
  • Centralizes the control of access and the enforcement of policies for users based on their specific role and location in the organization
  • Covers a broad range of IT systems including: Microsoft SharePoint, Active Directory & LDAP Groups, Windows File Shares, Windows Print Shares, Microsoft Exchange, and Custom Applications
  • Resource Lifecycle Management
  • EmpowerID's automated, self-documenting and auditable workflow processes manage the entire lifecycle of your enterprise resources
  • Full lifecycle management including: provisioning, inventorying, enforcement, management, certification and retirement
  • Lifecycle Management for Windows File Shares, Windows Print Shares, Microsoft Exchange, Active Directory & LDAP Groups, and custom applications
  • Sharepoint Extranet Directory
  • Automated workflow-based user self-registration and site access requests
  • Maintains SharePoint extranet user accounts in EmpowerID
  • Inherent security, routing, approvals, and reporting
  • Role-based delegation with workflow approvals and reporting
  • Self-service password change, forgotten password reset, and account unlock
  • User profile self-service with workflow approvals
  • Business Process Management
  • First Identity and Role-Based Entitlement Management platform built on a Business Process Management Platform (BPM)
  • Complex workflows offer comprehensive security "baked in", eliminating the vulnerabilities created by traditional workflow applications
  • Friendly workflow designer coupled with a huge library of shapes makes IT organizations more agile and SOA-compliant
  • Business Process Management
  • First Identity and Role-Based Entitlement Management platform built on a Business Process Management Platform (BPM)
  • Complex workflows offer comprehensive security "baked in", eliminating the vulnerabilities created by traditional workflow applications
  • Friendly workflow designer coupled with a huge library of shapes makes IT organizations more agile and SOA-compliant
  • Microsoft PowerShell
  • Visually design business processes by dragging and dropping PowerShell shapes and the pipeline connections between them
  • Controlled delegation of PowerShell driven workflows on a role-based access control platform
  • Automate complex systems management tasks across remote machines with detailed logging and reporting
  • Role-Based Access Control
  • Enables immediate non-disruptive roll out of a role-based entitlement management model
  • Assignment based upon what a person does and where they work dramatically reduces "role bloat"
  • Resource Role definitions ensure consistency and accurate reporting of actual access rights
  • Metadirectory
  • Provides a rich and extensible schema enabling attribute synchronization and live data access for a diverse range of directories and application servers such as Active Directory, LDAP, SharePoint Profiles, Unix/Linux, and database applications.
  • An extensive role-based access control metadirectory that models the real world with People, Accounts, Roles, Business Locations, Directories, Resource Systems, Resources, Applications, and Policies
  • Allows developers to move security code out of their applications and into a central authorization system
  • Active Directory
  • Manage Active Directory using Microsoft's most advanced technologies: .NET 3.5, System Directory Services Protocols programming layer, ASP.NET Membership & Role Provider, Windows Workflow Foundation, Windows Communication Foundation, and PowerShell
  • Active Directory management including: user provisioning, password management, information management, corporate white pages, and delegated user and group administration
  • Workflow and role automation for delegated administration and self-service for Active Directory and Exchange, including support for Resource Forests

Customers       Company       Support       Contact
EmpowerID Version 4.0 Competitive Comparison*
Request an evaluation or a demo
  Quest ActiveRoles Sun Identity Manager & Role Manager Oracle Identity Manager & Role Manager Microsoft ILM2
Product Description          
  A Windows Workflow-based Identity Management Platform A Windows-based Active Directory Management Application A Java-based Identity Management Platform A Java-based Identity Management Platform A Windows-based Identity Management Platform
General Characteristics Quest Sun Oracle Microsoft
A single unified product and code base No No No No
Built on a Business Process Management (Workflow) Platform No No No No
Built on a Role-based Access Control Platform No No No No
Metadirectory for multi-directory management No
Programmable Process Automation Platform No Limited
Role Functionality Quest Sun Oracle Microsoft
Enterprise Role-based Access Control (RBAC) No No
Role Directory Unified with Metadirectory N/A No No N/A
Solves complications with RBAC including "Role Bloat" N/A No Partially N/A
Polyarchical RBAC N/A No N/A
Can set up meaningful roles without role mining N/A No No N/A
Role Engine Inventories and Enforces Permissions In Managed Systems N/A No No N/A
External Role-based Authorization for Custom Applications No No
Workflow Functionality Quest Sun Oracle Microsoft
Processes as Workflows - Not Simply Approvals No Limited Limited No
Broadly Supported Workflow Engine N/A No No
Rights-based (RBAC) Workflow Approval Routing No No No No
Supports State Machine (Non Sequential) Workflows No No No Limited
Can Publish Workflows as Web Services N/A No No No
Scheduled Workflows N/A No No No
Event-based and Subscription Workflows N/A No
Integration with SharePoint Workflow N/A No No No
Microsoft Environment Management Quest Sun Oracle Microsoft
Inventory and Synchronization of AD and ADAM Objects No
Inventory and Permissions Management of Exchange Mailboxes No No No No
Exchange Resource Forest Support Yes, but requires additional product No No No
Advanced Exchange Mailbox Load Balancing No No No No
Live Views and Management of AD Objects No No No
Dynamic Groups Based Upon Multi-directory Data No Limited Limited Limited
Can Utilize Existing AD Groups and OUs as RBAC Roles and Locations N/A No No N/A
Deleted AD User and Mailbox Recovery Yes, but requires additional product No No No
Metadirectory is a Native .NET Membership & Role Provider for SharePoint and Other .NET Applications No No No No
Password Reset Self-Service Quest Sun Oracle Microsoft
Multi-directory password self-service reset No
Forced Password Self-Service Reset Enrollment No No No No
Flexible Workflow-based Reset Process No No No No
SSO and Federation Quest Sun Oracle Microsoft
Single Sign-on for Web-based Applications Limited No
Federation Server No No
Can support 3rd party second factor authentication N/A N/A
Programmability Quest Sun Oracle Microsoft
Visual Workflow Development Environment with Provisioning Shapes No No No No
Visual Web Service Designer No No No No
Microsoft PowerShell as Web Services and Workflow Shapes No No No No
Team-based workflow source control No No No
What You See is What You Get (WYSIWYG) User Interface Designers No No No No


*All comparative information is as of 8/08 and is based on information made publicly available by the respective vendors. All trademarks are the property of their respective owners.