The document discusses identity and access management challenges and how EmpowerID addresses them. It summarizes EmpowerID's capabilities as including role-based identity and entitlement management to determine who should have access to IT resources and enforcing this across systems. EmpowerID uses workflow automation to manage identity lifecycles and addresses challenges such as automated user provisioning, group management, and compliance reporting.

1. Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com1

2. Security ChallengesCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com2It should be easier to get access to the IT resources I need to workI want to delegate management but not lose controlHow can we report on who has access to what across all our systems

3. The Make Like Bob ProblemSecurity Based On a Moving TargetProtected ResourcesCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.comYear NDay 1Year 2New Access GrantedNew Access Granted?Multiple sites and rolesWho are you?SharePoint???PO Approver?AD User: CMH OUX?Custom ApplicationsCRM LDAP UserSend AsBobSales Executive”??Payroll & Unix UserPerson?Full Access??Sales ShareConference Room 5401New Hire: Jim“Sales Executive”New Hire: Sarah“Sales Executive”

4. The Challenge with an AD Groups-only Approach?Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.comAccess GrantedProtected Resources?GroupsMultiple sites and rolesJohn’s User Accounts?What can you access, when, and why?Who are you?SharePoint??PO ApproverHelpdesk Manager??No Reportable or Auditable Link?Custom ApplicationsMailbox Helpdesk ISend AsJohn??PersonFull AccessShared Mailbox???Conference Room 5401

5. Protected ResourcesEmpowerID enforces security across systemsCustom ApplicationWindows ServersSAPMicrosoft SharePoint WebTypes of Protected ResourcesActive Directory GroupGroupsWeb ResourcesMicrosoft Exchange MailboxEmpowerID is an authorization platform that can be extended to support any type of application and application resource. Protected systems containing resources are called “Resource Systems”. EmpowerID inventories Resource Systems and enforces permissions. Permissions Management=Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com

6. New Tools: Windows PowerShellNew command line and scripting languageNew Tools: Windows PowerShell

7. Over 2 million downloads in first 18 months

8. Adopted by Citrix, VMware, Exchange, SharePoint, SQL…

9. CEC 2010 requirement

10. CEC = Common Engineering Criteria. PowerShell is part of the CEC for 2010. This means that all Microsoft products released in 2010 must have PowerShell built in.

11. Strong community engagementShipped withWindows Server 2008Phenomenal Adoption Rate

12. New Tools: Windows Workflow FoundationWorkflow engine shipped as part of the .NET 3.0 FrameworkModel workflows as state machines or sequential stepsLong-running and stateful

13. EmpowerID and Dot Net WorkflowBring It All TogetherWindows PowerShellWindows Workflow Foundation (WF)Windows Communication Foundation (WCF)Windows Presentation Foundation (WPF)Windows Identity Foundation (WIF) - FederationASP.NET AJAXSilverlightSQL ServerActive Directory Domain ServicesActive Directory Lightweight Directory Services (ADAM)SharePoint 2007/2010Exchange 2003/2007/2010Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com

14. EmpowerID CapabilitiesEmpowerID’s Role-Based Identity and Entitlement Management answers the question, “who should have access to which IT resources and for how long?” and then enforcesthe results across all enterprise systems. With EmpowerID's workflow platform, organizations visually design business processes as workflows to automate the lifecycle of enterprise identities, roles, and resources.Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com11

15. Identity Management ChallengesAutomate user provisioningGartner estimates organizations can save 300% of the cost by automating user provisioningAutomate Group ManagementThis will reduce cost and improve efficiencyReduce or eliminate Password reset calls Gartner estimates this accounts for up to 50% of all Help Desk calls at a cost of $20 to $50 each Automate Compliance ReportingEliminate delays in granting and revoking access Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com12

16. EmpowerID SolutionsPassword Self-Service ResetGroup Management and Self-ServiceSharePoint Audit and Permissions ManagementSharePoint and .NET Extranet Directory SolutionRole-Based User Provisioning and Directory SyncUser and Exchange Mailbox ManagementSecure Workflow AutomationCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com13

17. EmpowerID Quick FactsCurrently used to provision, manage, and audit user and system security in global organizations with 100’s of thousands of users running >20,000 workflows per monthMultiple modules enable organizations to custom design a solution to fit their needsOnly solution on the market offering:A visual design studio for drag and drop Microsoft Windows Workflow Foundation developmentA library of self-service workflows that automate processes with flexible approval routing and built-in audit trailsEnterprise role management that extends beyond Active Directory to enforce permissions across all managed systems A scalable multi-instance relational Metadirectory and synchronization engineA unified management console supporting the broadest range of directories and enterprise applications including Active Directory, LDAP, Microsoft Exchange, Microsoft SharePoint, and even custom applicationsCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com14

18. MetadirectoryManagement of a Person and Their User AccountsEmpowerID PersonSAPLDAPActive DirectoryPayrollCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com.NET ApplicationsAuthenticationJohn SmithAuthenticationAccount StoresDirectories containing a Person’s user accounts managed by EmpowerIDLOB AppsEmpowerID continually inventories and monitors Accounts Stores for changes. New user accounts are discovered and processed through a workflow to evaluate if they should be “Joined” to an existing Person, “Ignored”, or a new Person should be “Provisioned”.

19. Role-Based Access ControlMulti-Hierarchy RBAC using Job Function and Location16Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com

20. A New Breed Of Identity ManagementFrom Code to Visual Process Management EmpowerID WF ProcessTraditional Identity ManagementCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com

21. Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com18Dot Net Workflow Studio is a drag and drop design environment for secure process automation. What You See Is What You Get user interface designers generate code free user interfaces.Secure Business Processes DesignWorkflow Studio: Visual Process Designer

22. Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com19Workflow OperationsAutomatic Role-Based Authorization and ApprovalsEntitlement management and authorization system built-in – workflows automatically routed for approval using Rights-Based Approval Routing (RBAR)

23. Wizards convert PowerShell Commandlets or custom code into secure workflow Operations.User Experience: Resource ManagerIndustry’s Only Unified Management ConsoleCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com20

24. User Experience: Service CatalogCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com21

25. User Experience : Inside SharePoint “Service Catalog”Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com22

26. User Experience : Inside SharePoint - Running a WorkflowCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com23

27. User Experience :Workflow Task ListCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com24

28. User Experience : Inside SharePoint “Workflow Task List”Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com25

29. User Experience : EmpowerID PagesCopyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com26

30. User Experience : Inside SharePoint – “Theme Inheritance”Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com27

31. User Experience: Click Once Rich ClientCopyright © 2010. Dot Net Workflow is a trademark of The Dot Net Factory, LLC. |www.DotNetWorkflow.com28