EmpowerID Products and Solutions
- Learning Center
Welcome to the Learning Center
The EmpowerID metadirectory and synchronization services are used to inventory connected systems, process changes through rules and policies, and then push the appropriate changes out to the affected systems. The metadirectory and sync services use the inventoried information to perform identity correlation and link disparate application user identities with the actual people who use them.
In addition to these traditional metadirectory functions, the EmpowerID metadirectory acts as an RBAC metadirectory and as a directory. As an RBAC metadirectory, EmpowerID inventories and stores the resources that exist in managed systems, the rights assignments for these resources as assigned in those systems, and the definitions of rights (or roles) used by that system. The RBAC metadirectory also stores EmpowerID RBAC information, such as the definition of EmpowerID roles, role assignments for managed system resources, business location structures for delegation, dynamic RBAC policies for provisioning or de-provisioning resources, and all other RBAC policies and settings.
As a directory, the EmpowerID metadirectory is able to perform user authentication for EmpowerID and any other applications that support SAML, WS-Trust, OAuth, RADIUS, or the Microsoft Membership and Role provider model. The metadirectory maintains a Person object for each human person that uses or is managed by the system and anchors any accounts that a person may own in foreign systems to that one Person object. The Person object is what authenticates a user into the EmpowerID system and allows them to perform any tasks authorized by their security assignments. Applications may leverage EmpowerID for authentication in lieu of requiring an Active Directory account or simply leverage EmpowerID for single sign-on (SSO).