• Compare
• Company
  • Leadership
  • Careers
  • Partners
  • Press Room
  • Events
• Solutions
• Products
  • Password Manager
  • User Manager
  • Group Manager
  • Exchange Manager
  • SharePoint Manager
  • Connectors
  • Dot Net Workflow

Group Manager

A Complete Group Management Solution

Groups are currently the most widely adopted method of managing application and resource security; yet 70% of organizations do not have a reliable group management solution. Gaining control over group membership is an essential step in any enterprise compliance initiative. EmpowerID Group Manager provides organizations with centralized workflow and role-driven automation of the entire group lifecycle management process and enables groups to be a strategic part of any initiative focused on security, centralized authorization or compliance.

As the first and only solution built on a workflow and role-based access control platform, Group Manager delivers rapid ROI with the industry's most flexible and easy-to-use Active Directory and LDAP group management solution.

Group Manager performs five critical security functions:

Group Self-Service

End user requests to join or leave groups and for group creation represent a substantial portion of IT workload. Group Manager delivers rapid cost savings with workflow-based self-service to securely enable end users to create and manage their own groups, join or leave groups, and to expire groups they manage based on the delegated permissions for that group. These tasks can be performed from the friendly standalone EmpowerID web interfaces, from dynamic Silverlight interfaces, or from the EmpowerID Management Console, which is a rich Microsoft Windows Presentation Foundation application.

Delegated Group Administration

Group Manager bridges the gap between direct Active Directory administration tools and big platform vendor Identity Management solutions. Group Manager provides the traditional metadirectory-based synchronization and rule-based management of groups found in other large IDM platforms, but also acts as a complete replacement for the native tools that manage Active Directory and LDAP groups. From its web interfaces or the EmpowerID Management Console, delegated admins can perform all of the administration tasks they would perform using the native Active Directory or Microsoft Exchange management consoles with this single tool that rides on the EmpowerID platform — without requiring native Active Directory rights. The EmpowerID RBAC model allows for more fine-grained delegation of individual management tasks that typically require broad rights in the native tools, with built-in workflow approval routing based on EmpowerID's Rights-Based Approval Routing (RBAR) technology. When a user does not have the delegations needed to perform workflow operations, those operations automatically route to the appropriate approver. RBAR provides a granular and consistent framework for controlling management without the need for native ACL rights delegation.

Dynamic Group Membership Population

EmpowerID's allows dynamic management of group membership by maintaining groups based upon roles and rules derived from your directory data. Group Manager takes a giant step forward in AD and LDAP enterprise security by allowing the continuous enforcement of Group membership and permissions based on RBAC policies, regardless of changes to user information via request-driven workflows or as a result of changes in external directories. Group Manager leverages the Dot Net Workflow and RBAC platform to automate group permissions assignment and membership management through RBAC policies and user-initiated workflow requests.

Group to Protected Resource Linking

The key challenge in any strategy for centralizing the management of application and resource permissions using AD or LDAP groups is the absence of any auditable linkage between the group and the application. As a result, AD and LDAP Groups can quickly become a black hole for compliance initiatives. Organizations will often use complex group naming standards in an attempt to "relate" groups to the resources they protect, but this is not secure or auditable. EmpowerID addresses this need by extending the capabilities of AD and LDAP groups by mapping groups to the resources they actually protect. This creates a more intuitive experience, allowing end users and IT auditors to see who has access to which applications and resources in addition to who is a member of each group. Access requests are also more intuitive since this permits users to request direct access to file shares, Exchange shared mailboxes, SharePoint sites, and even custom applications, without needing to know which groups control their access.

Detailed Reporting of All Group Membership Changes

Group Manager provides the critical reports that IT admins cannot do without. Group Manager inventories your enterprise directories and continuously monitors and detects changes. Group changes can include the creation of new groups, group deletions and membership changes. Group Manager identifies and records which changes occurred by an approved workflow request or dynamic group policy and which occurred outside of EmpowerID using the native management tools. Included reports provide visibility into all attributes of existing groups and changes to these groups as well.

Why Group Manager

Other group management tools provide some of Group Manager's features, but none provide all of its functionality, making its a comprehensive solution that you won't outgrow. It offers:

• Flexible workflow - A Microsoft Windows Workflow Foundation-based architecture that allows complete customization of existing processes or the creation of your own workflows to match any business need
• Rights-based Approval Routing (RBAR) for all group management tasks. Every change to a group is evaluated based on security policies and routed for approval when necessary.
• Change requests are logged to provide a permanent tracking record and reporting that tells you:
  • Who requested a change
  • Who authorized a change
  • Why a request was made and why it was granted or refused
  • When the steps in the approval process took place
• Cross Platform - it supports Active Directory, LDAP and even custom application groups
• Metadirectory - its metadirectory engine inventories and continuously monitors groups for changes
• User Experience - its flexible user interface options include web, Silverlight, and a rich WPF client
• Role-Based Access Control - Its enterprise proven Role-Based Access Control model granularly delegates and reports on who has access to what
• Group to Resource Linking - This allows access requests and auditing to be more accurate and intuitive by displaying the actual resources protected by groups