Adding Intelligence to Active Directory with an Identity Warehouse

Posted by Chris Hayes on Wed, Sep 30, 2015

According to Microsoft, Active Directory™ service provides user and computer accounts and distribution and security groups.  This service is essential when trying to allow people to log into Microsoft Windows Workstations and running things like Group Policy's, publishing printers and providing DNS/DHCP services.

In a simple world, an architecture like this can sometimes suffice.


Where Active Directory comes up short is when you are trying to manage a global distribution of different domains.  Or trying to create an automated process that will create mailboxes in Office 365, automatically add someone to a group when their identity is created or they move to a different office.  When you want to assign an access owner to a file share and have all request for access to that share filter up to that person rather than have everyone call the helpdesk.

These are the reasons the EmpowerID Identity Warehouse was created.  We recognized the need for fine grained authorization and approval workflows and included them.  We knew the Identity Warehouse needed comprehensive RBAC and ABAC capabilities along with delegations and location awareness so we added that in too.

In a more complex world you need an Identity Warehouse


Only with an Identity Warehouse can you automate tasks like:

  • Create an Active Directory account based upon a new record in something like UltiPro, SAP or PeopleSoft
  • Assign group membership based upon a Role, Attribute or Location
  • Assign business users as "Access Owners" or gatekeepers for file shares, SharePoint sites and more.
  • Create and perform Audits, Certifications and Attestations
  • Provide fine grained authorization at an API level for other applications and services
  • Allow for self-registration of an account for your consumers and business partners
  • Create and publish any other type of workflow

The EmpowerID Identity Warehouse contains important entitlement and authorization data for your organization.  This information is updated regularly from other databases and data stores and you get to decide how each attribute flows.  The Identity Warehouse also contains all of the statistical and analytical tools required to give you an up to date view related to risk, governance and compliance.


Here are a few more examples of how you can use the EmpowerID Identity Warehouse:


The EmpowerID Identity Warehouse plays a critical role in your fast growing infrastructure.  Ensuring that the security controls you need in place strictly follow the business rules is really what it's all about.  We like to think of Active Directory as the motor and EmpowerID as the powertrain control module, taking in all of the sensor data and determining the exact air/fuel mixtures to ensure everything runs correctly.  It's this same concept between the Identity Warehouse and Active Directory, we monitor everything and determine just what needs to be done at the lower level of Active Directory.

Want to find out more, click through and request a quick demo.

Request a Demo