Connector Framework

A Robust Connector Model For Flexible Connectivity

A Flexible Platform for Powerful IDM Connectors

Today's business environment demands that organizations move from traditional "behind-the-firewall" infrastructures to a more flexible and loosely connected model that allows applications to be a blend of onsite systems and cloud-hosted applications. Built on the Dot Net Workflow platform, EmpowerID is designed to support this new business reality. The Dot Net Workflow connector architecture is a web services based model in which each connector communicates securely while running from any location — even across the Internet — to provide centralized and automated enforcement of security, business, and compliance policies at an affordable cost using visually designed workflows.

EmpowerID enables complex scenarios and deep management of custom applications that can only be made possible with the flexibility of the underlying Dot Net Workflow platform.

The Dot Net Workflow platform connector model excels in four key areas:

Flexibility - Simple to Advanced Connector Options

EmpowerID understands that when it comes to connectors, one size does not fit all. Different systems require or cost-justify different levels of integration and management, ranging from simple flat file feeds to complex connectors that support the complete replacement of the native application's permissions administration tools. That's why the Dot Net Workflow platform supports the following types of custom connectors:

  • Flat File Connector: Affordable and fast, the flat file connector is a unidirectional flat file feed that connects to HR systems or other authoritative sources and is used to trigger provisioning and de-provisioning events that flow demographic information. The flat file connector can also be used to import business role and location information to drive complex RBAC policies.
  • Traditional IDM Direct Connectors: The traditional IDM direct connector is a bi-directional connector that performs the same functions as the flat file connector, with the added ability to make live connections to the connected system to provision and deprovision identities, flow demographic information, and sync password changes to and from the connected system in real-time. The traditional direct connector may also import business role and location information from the connected system.
  • Enterprise Application Connector: The enterprise application connector offers the highest level of integration allowing full inventory, audit, and administration of user accounts and resources in managed systems to augment or even replace the native tools in a connected system.

Connector design in EmpowerID and the Dot Net Workflow platform is flexible to accommodate the requirements of a wide range of systems, including custom applications. Connectors can communicate with connected systems via a flat file, web services, direct database communication, PowerShell, SSH, or an application's API.

Distributable and Scalable - Web Services Model for On Premise to Cloud Management

EmpowerID enables organizations to create and manage user accounts and applications on both internally and externally hosted systems in exactly the same way, using the same policies and the same procedures. Because EmpowerID sits atop the secure web services and federated communication framework of the Dot Net Workflow platform, connectors can communicate with and manage web applications where only a connection over Internet web protocols is possible. Dot Net Workflow management agents serve as web service endpoints, allowing communication to occur between managed applications and the metadirectory over secure web services. A management agent, or multiple management agents, placed in the location of a protected system removes the typical restrictions posed by firewalls, allowing host management that better fits today's hybrid "onsite to cloud" model, while providing fault tolerance for mission-critical applications.

The above image depicts the Exchange Management Agent running as a Windows Service exposing web services for remote management of mailboxes and PowerShell task automation.

Powerful - Only IDM Offering Complete Native Permissions Tools Replacement and Immediate Self-Service

EmpowerID connectors are not limited to the traditional identity management connector functionality which typically consists of synchronizing objects, attributes, and passwords between directories. The Dot Net Workflow platform, while supporting these functions, is much more than a simple sync engine; it is also an administrative platform that allows for secure, RBAC-controlled delegation and administration of applications from a unified console.

The Dot Net Workflow platform permits the creation of connectors that are capable of replacing the native management tools of enterprise applications by inventorying the users, the resources, the roles, and the rights used by a managed system and storing that information in the EmpowerID metadirectory. Because EmpowerID's workflows and user interfaces are designed to provide a generic overarching model that can manage any connected system with the same extensive functionality it provides for the management of AD users, they bring the same rich management immediately to a new connected system, regardless of the scenario, once a connector for the system is implemented. The tools and user interfaces for managing users and permissions enforcement remain the same, while the details of how changes are implemented against each managed system are confined to the connector's internal logic. This makes the process of accommodating workflow and interface design for specific connected systems transparent to Dot Net Workflow designers. This dramatically reduces the time needed to provide full management services for new applications and is a unique advantage of EmpowerID and the Dot Net Workflow platform.

Extensible - Connector Development In a Full-Featured .NET Development Studio

EmpowerID is the only IDM platform offering a complete visual development environment for rapid connector creation that is more than just an SDK or connector development kit. EmpowerID leverages the Dot Net Workflow Studio for connector design to offer connector wizards. Version control and portability between environments are offered through: C# IntelliSense code editors, the ability to develop against SAML and WS-* with claims-based security, creation of your own distributed Windows Management agents, and team-based source control. When a connector is made for a system, it not only can manage that system, it can also expose all of its capabilities via web services for use in other enterprise applications. The Dot Net Workflow's connector design and web services architecture allow extremely open-ended accessibility to connected systems, with implications well beyond data exchange and the consolidation of identity and security management.

The Dot Net Workflow Studio provides an easy-to-use yet powerful environment providing customers with the freedom to create their own simple or advanced connectors while leveraging their own internal resources and code.

Why Dot Net Workflow Connectors

All IDM platforms offer some capability for the creation of custom connectors, but only EmpowerID and the Dot Net Workflow platform offer a robust rapid application development environment where organizations control extensive functionality to deliver a complete solution that they won't outgrow, which includes:

  • A cloud supported model with distributed web service agents and full web service and federation support
  • Flexible connector options to offer the level of management required at a cost that is affordable
  • Powerful connector options that provide the ability to replace native administration and permissions management tools with EmpowerID user interfaces (web, Silverlight, and WPF), workflows, and role-based access control
  • An extensible connector development model enabled by a visual, team-based workflow and connector creation studio