Identity Management from within your application

Posted by Edward Killeen on Tue, Apr 30, 2013

EmpowerID is a comprehensive Identity and Access Management (IAM) platform.  It authenticates, authorizes, provisions, federates, resets passwords, audits, attests, and separates duties.  Pretty much soup to nuts Identity Management.

It does all of this for on premise or cloud applications.  Likewise for internal or external identities.  It mixes the two or separates the two.  And it does all of it well, as shown by our over 400 customers using the platform.

But that might not even be the most standout aspect to the platform.  Which is odd because all of the above is what is needed for you to get your job done and keep your identities accurate and secure.

identity management workflowWithin the EmpowerID platform is a visual workflow designer.  This designer displays your identity workflows with traditional workflow shapes, decision trees and mimics how you would design it on a whiteboard or on a drafting table.  It allows you to match your identity processes to your business processes, not the other way around.  You simply drag and drop the shapes and the workflow does the work for you.  Each "shape" has an identity action that you can easily configure.  It is simple and easy and immensely powerful.

 

This is where the title of this blog post comes into play.  Each workflow can be exposed as a web service.  So, from within your application, you can provision a user, set an attribute, reset a password, set a role, authorize a user, or even federate.

This comes into play when you use EmpowerID's metadirectory as your backend identity store for authentication.  You get that full list of functionality with which I opened the blog post (authentication, authorization, RBAC, provisioning, federation, password managemnt, auditing, attestion, separation of duties, soups to nuts).  Without having to build it into your application.

This came up very recently with a customer who was looking for single sign-on into their newly built applications.  As they were talking to several of our SSO competitors, they realized that nobody else had provisioning with SSO.  And they needed this.

This customer had already built the user interface and was planning on using our OAuth server for authentication.  What was missing was that they needed a way to enforce RBAC, to have admins create new users, and to have end users reset their passwords.  Since all EmpowerID workflows are exposed as either a web service or through APIs, this becomes a fairly simple endeavor to build this into their application.

They now have a very robust IAM capability from within their application.  They can manage users, passwords, authentication, and roles from either within their application, the EmpowerID web UI, or the EmpowerID hard client.

Schedule a demo IAM from within your application!

Tags: Identity and Access Management (IAM)