A New Breed Of Identity ManagementFrom Code to Visual Process Management <br />EmpowerID WF Process<br />Traditional Ident...
User Manager: Role-Based User Provisioning and Delegated Administration<br />
Introducing User ManagerWorkflow Automation of User Lifecycle Management<br />According to the Gartner Group, organization...
A request is submitted as a ticket to the helpdesk requesting accounts and access for the new employee<br />The helpdesk h...
5<br />Provisioning<br />Routine UserAdministration<br />Change<br />Locations<br />New Project<br />Forgot<br />Password<...
Identity Lifecycle ManagementManage the Lifecycle of a Person and Their Accounts<br /><ul><li>Discovers and links a person...
Automates provisioning and deprovisioning with workflow
Synchronizes user information between systems and provides self-service edit
Synchronizes passwords and enables self-service reset and unlock (Password Manager)
Self-service new account registration workflows with approvals
Delegates role-based administration of people and their accounts
Achieves continuous compliance through constant enforcement of policies</li></ul>Person<br />6<br />
Automates provisioning, moving, and deprovisioning of user accounts and resources based upon the roles of the user<br /><u...
Examples of Resource Entitlements:</li></ul>Accounts in connected systems<br />Exchange Mailboxes<br />Home Folders<br />e...
Automated deprovisoning of user accounts prevents accumulation of privileges over time and ensures that access is revoked ...
Upcoming SlideShare
Loading in …5
×

User Manager

19,893 views

Published on

Web site overview of EmpowerID User Manager module

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
19,893
On SlideShare
0
From Embeds
0
Number of Embeds
18,606
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

User Manager

  1. 1. A New Breed Of Identity ManagementFrom Code to Visual Process Management <br />EmpowerID WF Process<br />Traditional Identity Management<br />Copyright © 2011. Dot Net Workflow is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com<br />1<br />
  2. 2. User Manager: Role-Based User Provisioning and Delegated Administration<br />
  3. 3. Introducing User ManagerWorkflow Automation of User Lifecycle Management<br />According to the Gartner Group, organizations can save 300% with automated user provisioning<br />The Challenge<br />During good and bad economic times there is an increase in employee turnover. Provisioning user accounts and granting access across multiple systems is a costly and time consuming process. Quickly and efficiently deprovisioning access when and employee leaves the organization is even more time consuming and error prone, often exposing an organization to security vulnerabilities.<br />EmpowerID Solution<br />User Manager is a workflow and role-based solution that automates provisioning access for new employees and deprovisioning access when they change positions or leave the organization.<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />3<br />
  4. 4. A request is submitted as a ticket to the helpdesk requesting accounts and access for the new employee<br />The helpdesk has a large backlog of tickets which delays creation of the accounts and postpones employee productivity<br />common ratio for large companies – 1 helpdesk admin/6000 users!<br />In the meantime, the user cannot access resources they need to perform their job – e.g. email, file shares, printers, etc...<br />The helpdesk must search in each system to verify name uniqueness<br />Eventually the accounts are created and access is granted<br />Process Challenges:<br />Manual provisioning requires the involvement of multiple IT staff and a high level of organizational knowledge<br />IT is unable to detect security changes in AD and other systems<br />No automated removal of application and system access<br />Lack of a good audit trail to attest to why access was granted and who approved<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />4<br />When Will I Get Access?<br />Typical Process Before EmpowerID<br />
  5. 5. 5<br />Provisioning<br />Routine UserAdministration<br />Change<br />Locations<br />New Project<br />Forgot<br />Password<br />Relationship<br />Ends<br />Password<br />Expires<br />PasswordManagement<br />Deprovisioning<br />Relationship Begins<br />Promotion<br />USERLIFECYCLE<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />Identity Lifecycle ManagementManage the Lifecycle of a Person and Their Accounts<br />
  6. 6. Identity Lifecycle ManagementManage the Lifecycle of a Person and Their Accounts<br /><ul><li>Discovers and links a person’s user accounts in all systems
  7. 7. Automates provisioning and deprovisioning with workflow
  8. 8. Synchronizes user information between systems and provides self-service edit
  9. 9. Synchronizes passwords and enables self-service reset and unlock (Password Manager)
  10. 10. Self-service new account registration workflows with approvals
  11. 11. Delegates role-based administration of people and their accounts
  12. 12. Achieves continuous compliance through constant enforcement of policies</li></ul>Person<br />6<br />
  13. 13. Automates provisioning, moving, and deprovisioning of user accounts and resources based upon the roles of the user<br /><ul><li>Role membership can be automated based upon mappings to existing authoritative systems, by rules, or assigned via workflows with approvals
  14. 14. Examples of Resource Entitlements:</li></ul>Accounts in connected systems<br />Exchange Mailboxes<br />Home Folders<br />etc…<br /><ul><li>Resource Entitlements are automatically re-calculated and provisioned, moved or deprovisioned when a Person’s roles change
  15. 15. Automated deprovisoning of user accounts prevents accumulation of privileges over time and ensures that access is revoked when an employee leaves the organization</li></ul>Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />7<br />Resource Entitlements<br />Automatic Provisioning and Deprovisioning of Accounts and Resources<br />
  16. 16. Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />8<br />Resource EntitlementsRole-Based Resource Provisioning and Deprovisioning<br />Resource Entitlements for Contractors in New York<br />Resource Entitlements are policies that automate provisioning, moving, disabling, and deprovisioning resources automatically based upon user Role and Location changes. <br />Automating the initial provisioning of resources when a new Person is created as well as their ongoing management.<br />Resource Entitlements for Standard Employees in Sydney<br />
  17. 17. Attribute values such as job title, address, company, department, and others can be applied via Role and Location-based policies<br />As users change role or location, these policy-based values are applied and synchronized to connected directories based upon pre-established flow rules<br />Policy-based assignment can dramatically reduce the amount of effort spent manually entering and keeping directory information accurate<br />Accurate information increases the value of your corporate directory as a collaboration tool<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />9<br />Role-Based Attribute Value Assignment<br />Automate maintenance of accurate directory information<br />
  18. 18. Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />10<br />Policy-Based Attribute ValuesRole-Based Attribute Assignment<br />Policy-Based Attributes for Contractors in New York<br />Policy-based attribute values are policies that automate the maintenance of any directory values that can be defined by Role and Location. <br />Any attribute value of a Person can be assigned by policy and maintained automatically when Role or Location changes. Attribute values will update connected directories based upon attribute flow rules.<br />Policy-Based Attributes for Standard Employees in Sydney<br />
  19. 19. EmpowerID Group Manager automates the management of group membership<br />Group membership is controlled as an RBAC right permitting advanced delegation rules which automate group membership based upon the Role and Location of the Person<br /><ul><li>Group membership is automatically re-calculated and enforced when a Person’s roles change
  20. 20. All changes to group membership are logged and tracked - both changes made within EmpowerID and in the native directory
  21. 21. Automated role-based group management prevents the accumulation of group membership over time</li></ul>Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />11<br />Role-Based Dynamic Group Membership<br />Automate maintenance of group membership<br />
  22. 22. <ul><li>Multi-directory web-based corporate white pages with rich Metadirectory schema
  23. 23. Enable user profile self-service across multiple directories with workflow approvals
  24. 24. Automatically detect and synchronize directory changes using flexible attribute flow rules
  25. 25. User interfaces for SharePoint, Windows WPF, and the web
  26. 26. Only white pages solution built on the Windows Workflow Foundation
  27. 27. Role-based security for fine-grained control over visibility even in multi-organization configurations</li></ul>MetadirectoryWeb-Based Corporate White Pages & Self-Service<br />12<br />
  28. 28. User Experience: Resource ManagerIndustry’s Only Unified Management Console<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />13<br />
  29. 29. User Experience: Service Catalog<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />14<br />
  30. 30. User Experience: My Workspace<br />Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com<br />15<br />

×