• Password Manager
  • User self-service for password resets and account unlocks
  • Password synchronization between enterprise systems and multiple AD domains
  • User interfaces for Microsoft SharePoint, Outlook Web Access, and the Windows Logon screen
  • Profile Manager
  • User self-service for their personal directory information with approval workflows
  • Directory information synchronization between enterprise systems and multiple AD domains
  • Improves the quality of data by providing dropdown lists and enforcing rule-based value generation
  • Provisioning Manager
  • Automated role-based user provisioning and de-provisioning for a broad range of enterprise systems and directories
  • Monitors enterprise systems providing true bi-directional communication of events and changes
  • Self-registration workflows enable users to securely add themselves to directories without administrative intervention
  • Role Enforcer
  • Enables the discovery, administration, auditing, and enforcement of a single role-based authorization model across all resources and systems
  • Role Enforcer modules leverages EmpowerID's flexible Role-Based Access Control (RBAC) to lower costs, reduce errors, and improve security
  • Modules available for: Microsoft SharePoint, Windows File Shares, Windows Print Shares, Microsoft Exchange, Active Directory and LDAP Groups, and Custom Applications
  • ILM Connect
  • Replaces complex provisioning code in ILM Management Agents with visually designed Windows Workflow Foundation workflows
  • Role-Based Entitlement Management for ILM to answer and enforce "who has access to what, why, and for how long?"
  • Increases ILM compliance with enterprise-wide reporting, automated attestation, and separation of duties enforcement
  • Connect Modules
  • Enable EmpowerID's workflow-based provisioning for a variety of directories, operating systems and applications
  • Provide password and profile information synchronization for a wide variety of platforms
  • Connect modules available for: Active Directory, LDAP, Linux/Unix, MySQL, Microsoft SQL, Oracle, Custom Applications, SAP, Midrange (AS/400), Microsoft Identity Lifecycle Manager, and custom applications
  • BPM Studio
  • Visual designer for the EmpowerID Business Process Management Server
  • Allows users to extend out of the box workflows or create entirely new ones
  • Drag and drop designer and property mapper with rich library of shapes
  • Identity Lifecycle Management
  • Automated role-based user provisioning and retirement
  • Password synchronization & self-service reset
  • Directory information synchronization & self-service
  • Delegated identity administration
  • Automated attestation & continuous compliance enforcement
  • Role-Based Entitlement Management
  • Unifies visibility, audit, and enforcement over all enterprise systems with a flexible Role-Based Access Control (RBAC) system
  • Centralizes the control of access and the enforcement of policies for users based on their specific role and location in the organization
  • Covers a broad range of IT systems including: Microsoft SharePoint, Active Directory & LDAP Groups, Windows File Shares, Windows Print Shares, Microsoft Exchange, and Custom Applications
  • Resource Lifecycle Management
  • EmpowerID's automated, self-documenting and auditable workflow processes manage the entire lifecycle of your enterprise resources
  • Full lifecycle management including: provisioning, inventorying, enforcement, management, certification and retirement
  • Lifecycle Management for Windows File Shares, Windows Print Shares, Microsoft Exchange, Active Directory & LDAP Groups, and custom applications
  • Sharepoint Extranet Directory
  • Automated workflow-based user self-registration and site access requests
  • Maintains SharePoint extranet user accounts in EmpowerID
  • Inherent security, routing, approvals, and reporting
  • Role-based delegation with workflow approvals and reporting
  • Self-service password change, forgotten password reset, and account unlock
  • User profile self-service with workflow approvals
  • Business Process Management
  • First Identity and Role-Based Entitlement Management platform built on a Business Process Management Platform (BPM)
  • Complex workflows offer comprehensive security "baked in", eliminating the vulnerabilities created by traditional workflow applications
  • Friendly workflow designer coupled with a huge library of shapes makes IT organizations more agile and SOA-compliant
  • Business Process Management
  • First Identity and Role-Based Entitlement Management platform built on a Business Process Management Platform (BPM)
  • Complex workflows offer comprehensive security "baked in", eliminating the vulnerabilities created by traditional workflow applications
  • Friendly workflow designer coupled with a huge library of shapes makes IT organizations more agile and SOA-compliant
  • Microsoft PowerShell
  • Visually design business processes by dragging and dropping PowerShell shapes and the pipeline connections between them
  • Controlled delegation of PowerShell driven workflows on a role-based access control platform
  • Automate complex systems management tasks across remote machines with detailed logging and reporting
  • Role-Based Access Control
  • Enables immediate non-disruptive roll out of a role-based entitlement management model
  • Assignment based upon what a person does and where they work dramatically reduces "role bloat"
  • Resource Role definitions ensure consistency and accurate reporting of actual access rights
  • Metadirectory
  • Provides a rich and extensible schema enabling attribute synchronization and live data access for a diverse range of directories and application servers such as Active Directory, LDAP, SharePoint Profiles, Unix/Linux, and database applications.
  • An extensive role-based access control metadirectory that models the real world with People, Accounts, Roles, Business Locations, Directories, Resource Systems, Resources, Applications, and Policies
  • Allows developers to move security code out of their applications and into a central authorization system
  • Active Directory
  • Manage Active Directory using Microsoft's most advanced technologies: .NET 3.5, System Directory Services Protocols programming layer, ASP.NET Membership & Role Provider, Windows Workflow Foundation, Windows Communication Foundation, and PowerShell
  • Active Directory management including: user provisioning, password management, information management, corporate white pages, and delegated user and group administration
  • Workflow and role automation for delegated administration and self-service for Active Directory and Exchange, including support for Resource Forests

Customers       Company       Support       Contact
EmpowerID Role-Based Access Control
Centralized role-based control automated by your business



Today's business environment demands that organizations automate permissions management processes while adhering to regulatory and compliance mandates. However, relying on traditional processes and systems to manage the challenges of granting and maintaining such access for thousands of users connecting to thousands of systems, applications and devices creates far-reaching problems for even the smallest of organizations. In almost all cases, these processes are labor intensive, expensive, inefficient and error-prone. They are not scalable or easily distributed and are inherently difficult to secure and to audit. The result is that most companies have no idea of who should have access to what, and what's worse, no easy way of finding out. What is needed is a platform that unifies visibility, audit, and enforcement over all enterprise systems in a single security model.

The concept of Role Based Access Control (RBAC) was built upon the premise that access to an organization's data resources should be controlled and managed using a set of pre-defined roles. RBAC simplifies administration by reducing the number of direct permissions assignments between people and resources that need to be maintained. RBAC also improves the delineation of privileges and accountability based on job responsibilities to grant only appropriate access rights while maintaining separation of duties.

Unfortunately, RBAC implementations have proved challenging for organizations often requiring dramatic process changes and long consulting engagements. These processes typically analyze an organization's business structure through intensive interviews for each process to determine who does what in each business process (top-down), or they analyze large amounts of system permission data (bottom-up) to determine who currently has access to what. The goal in both approaches is to cluster people into "candidate roles" that map the greatest number of people into the fewest number of roles required to grant the expected level of access across all systems. After this arduous process, organizations must migrate into this new permissions model and frequently reassess to ensure that roles are still optimal as the business changes.

EmpowerID solves these challenges and dramatically simplifies this entire process by offering a truly innovative RBAC model that eliminates most of the problems encountered in typical RBAC implementations. EmpowerID allows you to easily bring role-based identity and access management to your business. Using a uniquely powerful and flexible framework comprised of Organizational Roles, Organizational Zones, and Resource Roles, EmpowerID makes rolling out RBAC a non-disruptive process that allows for immediate value while supporting continuous improvement and optimization rather than requiring months of planning and deployment.

EmpowerID's RBAC model solves many of the challenges by offering permission assignment using a polyarchy model. This simply means that the permissions assignment model is flexible and allows access to a resource to be granted based upon the combination of what a person does in the organization (Organizational Role) and where they work (Organizational Zone). This enhancement to RBAC dramatically reduces the number of roles required in situations where employees with the same job title (e.g. Bank Teller) work in many different locations and need access to many of the same resources but also deviate specifically based upon their location. Without the dual assignment model, a Bank Teller Role would need to be created for every possible bank location. This "role bloat" typical of other systems, reduces the value of RBAC and dramatically increases complexity and the amount of manual work required by a system. With EmpowerID, users can be manually assigned to multiple Organization Zones and Organizational Roles or automatically assigned and removed based upon live queries against your business systems.

Another significant extension to RBAC is the Resource Role. A Resource Role is an application or resource type-specific definition of a set of rights that make sense for that particular system. A common example might be the Contributor Resource Role for Microsoft SharePoint. Membership as a Contributor is meant to convey a specific level of access in that application. EmpowerID allows these Resource Role definitions to be defined for every type of resource that will be managed by the EmpowerID entitlement management system. These Resource Roles then codify a specific level of access in each of your applications which is enforced so you can ensure that "Contributor" in SharePoint always has the specific rights you have defined via your policy. This centralization of resource-specific role definitions ensures consistency and auditability of permissions. More importantly, it allows a seamless migration process to RBAC by allowing the discovery of existing users' permissions in resources and the mapping of their EmpowerID RBAC identities to these Resource Roles. Role bloat is avoided because roles are managed via definitions for a type of resource, instead of requiring that separate roles be created to grant access to each specific resource.

EmpowerID's role governance and role administration can be delegated by policy to allow the right people to make the right access decisions. The entire process is managed through a configurable, easy-to-use graphical user interface that gives business users and IT personnel the tools to manage roles and access. Built on a services-oriented, standards-based architecture that is easy to deploy and manage, EmpowerID integrates seamlessly with your existing IT infrastructure and is designed to scale with your business.

 Download Free Trial!
Schedule Live Demo!
Try Now Online!


Compare EmpowerID!