User Manager

1. A New Breed Of Identity ManagementFrom Code to Visual Process Management EmpowerID WF ProcessTraditional Identity ManagementCopyright © 2011. Dot Net Workflow is a trademark of The Dot Net Factory, LLC. |www.TheDotNetFactory.com1

2. User Manager: Role-Based User Provisioning and Delegated Administration

3. Introducing User ManagerWorkflow Automation of User Lifecycle ManagementAccording to the Gartner Group, organizations can save 300% with automated user provisioningThe ChallengeDuring good and bad economic times there is an increase in employee turnover. Provisioning user accounts and granting access across multiple systems is a costly and time consuming process. Quickly and efficiently deprovisioning access when and employee leaves the organization is even more time consuming and error prone, often exposing an organization to security vulnerabilities.EmpowerID SolutionUser Manager is a workflow and role-based solution that automates provisioning access for new employees and deprovisioning access when they change positions or leave the organization.Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com3

4. A request is submitted as a ticket to the helpdesk requesting accounts and access for the new employeeThe helpdesk has a large backlog of tickets which delays creation of the accounts and postpones employee productivitycommon ratio for large companies – 1 helpdesk admin/6000 users!In the meantime, the user cannot access resources they need to perform their job – e.g. email, file shares, printers, etc...The helpdesk must search in each system to verify name uniquenessEventually the accounts are created and access is grantedProcess Challenges:Manual provisioning requires the involvement of multiple IT staff and a high level of organizational knowledgeIT is unable to detect security changes in AD and other systemsNo automated removal of application and system accessLack of a good audit trail to attest to why access was granted and who approvedCopyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com4When Will I Get Access?Typical Process Before EmpowerID

5. 5ProvisioningRoutine UserAdministrationChangeLocationsNew ProjectForgotPasswordRelationshipEndsPasswordExpiresPasswordManagementDeprovisioningRelationship BeginsPromotionUSERLIFECYCLECopyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.comIdentity Lifecycle ManagementManage the Lifecycle of a Person and Their Accounts

6. Identity Lifecycle ManagementManage the Lifecycle of a Person and Their AccountsDiscovers and links a person’s user accounts in all systems

7. Automates provisioning and deprovisioning with workflow

8. Synchronizes user information between systems and provides self-service edit

9. Synchronizes passwords and enables self-service reset and unlock (Password Manager)

10. Self-service new account registration workflows with approvals

11. Delegates role-based administration of people and their accounts

12. Achieves continuous compliance through constant enforcement of policiesPerson6

13. Automates provisioning, moving, and deprovisioning of user accounts and resources based upon the roles of the userRole membership can be automated based upon mappings to existing authoritative systems, by rules, or assigned via workflows with approvals

14. Examples of Resource Entitlements:Accounts in connected systemsExchange MailboxesHome Foldersetc…Resource Entitlements are automatically re-calculated and provisioned, moved or deprovisioned when a Person’s roles change

15. Automated deprovisoning of user accounts prevents accumulation of privileges over time and ensures that access is revoked when an employee leaves the organizationCopyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com7Resource EntitlementsAutomatic Provisioning and Deprovisioning of Accounts and Resources

16. Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com8Resource EntitlementsRole-Based Resource Provisioning and DeprovisioningResource Entitlements for Contractors in New YorkResource Entitlements are policies that automate provisioning, moving, disabling, and deprovisioning resources automatically based upon user Role and Location changes. Automating the initial provisioning of resources when a new Person is created as well as their ongoing management.Resource Entitlements for Standard Employees in Sydney

17. Attribute values such as job title, address, company, department, and others can be applied via Role and Location-based policiesAs users change role or location, these policy-based values are applied and synchronized to connected directories based upon pre-established flow rulesPolicy-based assignment can dramatically reduce the amount of effort spent manually entering and keeping directory information accurateAccurate information increases the value of your corporate directory as a collaboration toolCopyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com9Role-Based Attribute Value AssignmentAutomate maintenance of accurate directory information

18. Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com10Policy-Based Attribute ValuesRole-Based Attribute AssignmentPolicy-Based Attributes for Contractors in New YorkPolicy-based attribute values are policies that automate the maintenance of any directory values that can be defined by Role and Location. Any attribute value of a Person can be assigned by policy and maintained automatically when Role or Location changes. Attribute values will update connected directories based upon attribute flow rules.Policy-Based Attributes for Standard Employees in Sydney

19. EmpowerID Group Manager automates the management of group membershipGroup membership is controlled as an RBAC right permitting advanced delegation rules which automate group membership based upon the Role and Location of the PersonGroup membership is automatically re-calculated and enforced when a Person’s roles change

20. All changes to group membership are logged and tracked - both changes made within EmpowerID and in the native directory

21. Automated role-based group management prevents the accumulation of group membership over timeCopyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. |www.empowerid.com11Role-Based Dynamic Group MembershipAutomate maintenance of group membership

22. Multi-directory web-based corporate white pages with rich Metadirectory schema

23. Enable user profile self-service across multiple directories with workflow approvals

24. Automatically detect and synchronize directory changes using flexible attribute flow rules

25. User interfaces for SharePoint, Windows WPF, and the web

26. Only white pages solution built on the Windows Workflow Foundation

27. Role-based security for fine-grained control over visibility even in multi-organization configurationsMetadirectoryWeb-Based Corporate White Pages & Self-Service12

User Manager

More Related Content

What's hot (20)

Viewers also liked (9)

Similar to User Manager (20)

Recently uploaded (20)

User Manager