Here, we look at the following Group Management elements:
- Self-Service Group Shopping – our one stop IT Shop brings a unique experience to the group access request process. Simple, easy to use, and works seamlessly in with your approvals process.
- Empowers Business Users – another facet of the IT shop is the ability to grant business users the ability to manage their own groups and applications.
- Delegated Group Administration – EmpowerID’s single security model solves the delegated admin problem without compromising on either security or speed.
- Manage All Your Groups – the numbers of applications and systems available is migraine-inducing for Group Managers. With a massive library of connectors, EmpowerID changes that.
- Group Analytics – analytics and reporting are more crucial today than ever. EmpowerID brings both intelligence and in-depth visibility to your entire organization.
Here’s a short demo video of EmpowerID and group management.
Watch a short demo video of how the end user experience is with EmpowerID’s Group Manager:
Self-Service Group Shopping
EmpowerID’s IT Shop brings a familiar one stop, shopping cart experience to your group access request process.
Users perform a simple search for the groups and application roles they want—from any type of connected system—and then add them to their cart.
Your managers may shop for multiple direct reports as part of the onboarding process and they can make any requests for permanent or temporary membership.
The user submits their request when they have finished shopping.
The EmpowerID workflow engine takes this request and then, from your pre-defined organizational rules, determines what happens next.
Requests tyically require approval, and EmpowerID will notify the relevant personnel.
If there are any Segregation of Duties (SoD) rules applied, EmpowerID checks to ensure that no toxic combination—a combination of entitlements that are non-compliant or high risk to the organization—would result on approval.
Depending on how it is configured within your organization, refusing such a request might then trigger a separate workflow to route the request for higher approval, etc.
Regardless, EmpowerID autogenerates these requests and tracks their status. Email notifications inform and update participants and EmpowerID records and integrates the access recertification process with all requests, decisions, and associated fulfillment actions.
Empowers Business Users
Granting your business users the ability to manage the membership of groups and application roles for which they are responsible is the ultimate time and money saver
The challenge has always been how to provide this capability to non-technical users in a userfriendly interface that eliminates the need for IT assistance.
The EmpowerID IT Shop solves this challenge by providing your business users with the ability to create and manage their own groups.
Group owners can see and manage access to their various Cloud or on-premise directory and application groups in this one simple web and mobile interface.
Your users can then request access to groups in the IT Shop and the owners will receive an email alert.
The group owner can easily approve or reject the request reducing the workload placed on IT staff.
Delegated Group Administration
Traditionally, IT administrators only had to worry about managing groups and application roles in a few well known on-premise systems
However, the rapid adoption of Cloud applications has changed the landscape dramatically.
This has created an immense entitlement management challenge for your IT security departments.
Not least because each system becomes its own security island with its own set of users, groups, permissions model, and administrative user interfaces.
EmpowerID solves this security challenge by applying a single security model that replaces multiple native security administration tools, eliminates the need for you to train staff on applicationspecific security models and tools, and increases your security by never granting native permissions.
Your entitlement managers can perform identity administration and manage all their application groups from a single web-based console.
They can even delegate access management to nontechnical group owners to manage access using a non-technical interface.
The EmpowerID risk engine ensures delegated admins grant only “Compliant Access” which is job appropriate and does not violate an organization’s risk policies.
Manage All Your Groups
The measure of a group management solution is its ability to manage the groups and application roles in as many of your organization’s systems as possible.
EmpowerID provides one of the largest libraries of out of the box connectors for on-premise and Cloud systems available
These out of the box systems are quick and easy to configure with simple and friendly workflow-based processes.
Upon completion of a connection, EmpowerID inventories the user accounts, groups, and their membership, monitor changes, and enables group self-service and administration.
Group Analytics
EmpowerID brings intelligence and in-depth visibility to managing your Cloud and on-premise groups.
It also continuously inventories and monitors your systems for changes. This includes the creation of new groups, group membership changes, and deletion of groups.
When changes occur, both they and the change source are logged.
As part of your analytics and reporting, you can also set alerts to notify group owners and administrators when membership in sensitive groups changes.
These changes can also be rolled back automatically.
Our reporting capability consists of hundreds of statistics and metrics displayed in userfriendly dashboards.
These dashboards allow visibility into how your environment is changing and are kept up to date by a large list of out of the box reports.