Metadirectory & Sync Services

The EmpowerID metadirectory and synchronization services are used to inventory connected systems, process changes through rules and policies, and then push the appropriate changes out to the affected systems. The metadirectory and sync services use the inventoried information to perform identity correlation and link disparate application user identities with the actual people who use them.

In addition to these traditional metadirectory functions, the EmpowerID metadirectory acts as an RBAC metadirectory and as a directory. As an RBAC metadirectory, EmpowerID inventories and stores the resources that exist in managed systems, the rights assignments for these resources as assigned in those systems, and the definitions of rights (or roles) used by that system. The RBAC metadirectory also stores EmpowerID RBAC information, such as the definition of EmpowerID roles, role assignments for managed system resources, business location structures for delegation, dynamic RBAC policies for provisioning or de-provisioning resources, and all other RBAC policies and settings.

As a directory, the EmpowerID metadirectory is able to perform user authentication for EmpowerID and any other applications that support SAML, WS-Trust, OAuth, RADIUS, or the Microsoft Membership and Role provider model. The metadirectory maintains a Person object for each human person that uses or is managed by the system and anchors any accounts that a person may own in foreign systems to that one Person object. The Person object is what authenticates a user into the EmpowerID system and allows them to perform any tasks authorized by their security assignments. Applications may leverage EmpowerID for authentication in lieu of requiring an Active Directory account or simply leverage EmpowerID for single sign-on (SSO).

Key Features:

• Synchronizes information between directories, systems, and applications including AD, LDAP, HR, ERP, database applications, and custom applications
• White page views of metadirectory information provide friendly and interactive end user interfaces for viewing and managing consolidated directory information
• Extensibility which allows organizations to define their own types of protected resources, rights definitions, roles, and policies
• Distributable and scalable multi-instance sync engine capable of handling the largest and most demanding environments
• RBAC metadirectory encompasses resources and their rights assignments within managed systems in addition to the common metadirectory function of managing user accounts
• Metadirectory acts as an extranet or application directory for applications that support federation standards or the .NET Membership and Role Provider model
• Active Directory Password Change Agent resides on Domain Controllers and captures native password changes
• Dynamic policy enforcement platform automates many aspects of account management and policy-based provisioning and rights assignment across enterprise systems and directories
• Syncs password changes and unlocks between Active Directory, LDAP, and custom applications