How Enterprises can Bridge Security Gaps using Low-Code Platforms

Posted by Aditya Taneja on Fri, Aug 11, 2023

 

 


Tags: Active Directory, IAM, Virtual Directory, Access Governance, cloud security

AI and Botflow: Ushering in a New Era of Identity Governance & Administration

Posted by Dr. Michael Amanfi on Tue, Aug 01, 2023

AI has undoubtedly revolutionized how software programs function today. One of the most notable advancements in this space is the inception of chatbots, like ChatGPT, which rely exclusively on natural language to interact with the end user. However, prior to the widespread recognition of ChatGPT, a unique idea was brewing among the engineers at EmpowerID: the concept of Botflow.

At the European Identity and Cloud Conference this year, I had the privilege of introducing this innovative concept, which seamlessly integrates low-code orchestration and intelligent bots. Botflow is expected to dramatically alter the traditional approach to Identity Governance and Administration (IGA) solutions, marking a transformation led by AI and advancing the functionality of IGA solutions beyond our wildest dreams.

The Botflow concept is a brilliant culmination of low-code orchestration and intelligent chatbots aimed at enhancing IGA capabilities. The engineers at EmpowerID envisioned intelligent bots serving as virtual assistants, effectively eliminating the human factor in administrative tasks. From automating password resets to managing access requests, these chatbots operate via customizable, model-driven, and visually-designed workflows.

Figure 1 illustrates a Botflow specifically designed for password resets. This Botflow is capable of interpreting a user's request, triggering the corresponding backend procedures (i.e., reset passwords in multiple directories), and conveying the outcomes back to the user.

Figure 1: Password Reset Botflow with Visual Design

This ingenious idea bore fruit when the engineers at EmpowerID integrated the potential of AI, specifically the capabilities of OpenAI and Azure Cloud Services. This integration gave birth to a platform that facilitates the development of a new breed of chatbot. These innovative chatbots are equipped with self-contained conversational tools that enable users to accomplish tasks through conversations.

The introduction of AI into the Botflow concept was a game-changing move. AI brought to the table the ability to mimic human intelligence, enabling the bots to understand, learn, and adapt to the tasks they were performing. With AI, bots can perceive context, enabling a more personalized and nuanced interaction with users.

As depicted in Figure 2, the AI-driven chatbot has the capacity to identify when a conversational tool may be beneficial to the user. The conversational tool in the following dialogue refers to the password reset Botflow presented in Figure 1.

Figure 2: An Engaging Chatbot Dialogue featuring the Password Reset Botflow

This personalized interaction plays a critical role in transforming the user experience. Instead of navigating complex user interfaces or grappling with difficult-to-understand procedures, users can simply communicate with these AI-powered bots in natural language. AI essentially acts as the bridge, connecting the human user and the digital bot, making interactions smoother, more intuitive, and vastly more efficient.

The adoption of AI technology has also been critical in enhancing the security and compliance aspects of IGA solutions. AI-powered bots can handle routine administrative tasks while maintaining a record of all actions taken, ensuring a high level of accountability. This capability provides a dual advantage – streamlining operations while maintaining robust security and compliance protocols.

The role of OpenAI and Azure Cloud Services in enhancing the functionality of Botflow cannot be overstated. OpenAI, with its advanced machine-learning capabilities, provides the necessary tools to train these bots, enabling them to evolve and learn from each interaction.

On the other hand, Azure acts as a reliable cloud platform for developing and deploying these advanced chatbots. Azure provides the necessary infrastructure for managing and scaling these bots according to the demands of the organization.

The seamless integrations of EmpowerID, OpenAI, and Azure were pivotal in actualizing the original Botflow concept, effectively showcasing the vast capabilities of AI in redefining the landscape of IGA.

With the advent of AI and the successful implementation of the Botflow concept, the IGA landscape is poised for a dramatic change. The future of IGA solutions lies in harnessing the power of AI to streamline administrative tasks and enhance user experience while maintaining high levels of security and compliance.

IGA solutions based on the Botflow concept will ensure that organizations are equipped with robust and intelligent virtual assistants that can handle routine tasks efficiently. These solutions will provide organizations with the ability to customize and model their workflows visually, creating a more user-friendly and intuitive environment.

While the current advancements are indeed promising, the future possibilities of AI and Botflow are truly limitless. The ongoing research and development in AI and machine learning promise further enhancements to the Botflow concept. We can anticipate AI's cognitive capabilities to evolve, allowing bots to understand and handle even more complex tasks.

Conclusion

The revolutionary concept of Botflow, coupled with the advancement in AI technologies, is a testament to the potential of AI in transforming IGA solutions. By providing a seamless and intuitive user experience, ensuring high levels of security and compliance, and streamlining administrative tasks, AI and Botflow are reshaping the future of IGA. As we continue to explore the potential of AI, we can anticipate even more sophisticated and efficient solutions in the future, underscoring the immense potential that AI holds in revolutionizing the IGA landscape.

EmpowerID's Jellybeans Approach and Proxied Model: Revolutionizing Identity Governance Across Diverse Systems

Posted by Aditya Taneja on Tue, Jun 20, 2023

In the complex world of cybersecurity, managing identities and access rights across diverse systems can be a daunting task. EmpowerID, with its innovative Jellybeans approach and Proxied Model, is revolutionizing identity governance, providing a comprehensive solution for managing identities across a wide range of on-premise and cloud systems.

EmpowerID's Jellybeans Approach

To simplify the challenge of managing thousands of diverse systems and users, let's envision all the users in an organization as JellyBeans. Hopefully, this analogy makes the problem a little easier to digest (pun unintended).

In this analogy, each color of JellyBeans represents a distinct category, such as different types of employees, users, business units, customers, or even various geographic regions. Traditionally, LDAP and Virtual Directory systems allowed you to construct a hierarchy, wherein all your Users, Groups, and computers were organized within this tree-like structure. This hierarchical arrangement made it easy to remove administration roles by simply navigating through the tree.

 

This approach functioned adequately with straightforward on-premise systems in traditional organizations. However, with the emergence of the cloud, organizations have transitioned to various applications for their workflows, such as SAP, Salesforce, ServiceNow, Adobe, and more. Each of these applications operates on a distinct security model independent of Active Directory and LDAP. Consequently, managing the diverse collection of JellyBeans has become exceedingly challenging, as a single container can no longer accommodate all of them. So, what occurs now?

They are all mixed together.

The Admin Roles in database-based cloud systems often lack granularity, being too broad and limited in number. Such over-privileged admins significantly escalate your risk exposure. Nearly all modern cybersecurity attacks exploit compromised Privileged Accounts/Admins as a pivotal element in their execution. Apart from cybersecurity concerns, the privacy of your users is also completely compromised within these systems.

The Jellybeans approach in EmpowerID is a unique concept that enables granular control over identities and their access rights. EmpowerID gathers all your JellyBeans, whether they reside in on-premise systems or cloud systems, and arranges them neatly in virtual containers or mini tenants. These virtual containers can represent any desired organizational structure that aligns with your preferred approach to security delegation. This virtual container model resembles the traditional LDAP or Active Directory model, allowing you to create an organizational tree and apply policies to these virtual container locations. This way, you can regulate administrative actions, enforce privacy restrictions, and restrict users and admins to their designated containers. Hence, this technology organizes your jellybeans, granting fine-grained control to admins and users over user and object visibility, precise actions, and privacy restrictions enforcement.

 

This approach is not limited to Azure applications but extends to a wide range of systems including user accounts, service principals, managed identities, application secrets and passwords, Exchange Online mailboxes, SharePoint Online sites, Microsoft Teams, and more. By implementing the Jellybeans approach, organizations can enhance security and efficiency, effectively managing and securing identities across diverse systems.

The Proxied Model in EmpowerID

EmpowerID's Proxied Model allows non-technical users to perform complex tasks across various systems without being given direct access. This approach reduces standing privileges, mitigating potential security risks. The Proxied Model is not limited to Azure but extends to a wide range of on-premise and cloud systems including Active Directory, Azure Active Directory, SAP S4/HANA, Salesforce.com, Amazon AWS, Google GCP, ServiceNow, LDAP, and more.

Importantly, the Proxied Model also reduces the need for costly IT staff with specific knowledge and training in each of the proxied systems. This deskilling helps alleviate some of the challenges of the cybersecurity labor shortage and skills gap, making it a cost-effective solution for organizations.


The Intersection of Jellybeans Approach and Proxied Model

The combination of the Jellybeans approach and the Proxied Model in EmpowerID provides a comprehensive solution for identity governance across diverse systems. The Jellybeans approach ensures granular control over identities, while the Proxied Model reduces standing privileges and the need for specialized IT staff. Together, they enhance security, improve efficiency, and facilitate effective identity governance.

Moreover, every action taken across these diverse systems is logged, providing a detailed audit trail. This not only aids in troubleshooting and incident response but also helps organizations meet compliance requirements.

Conclusion

EmpowerID, with its Jellybeans approach and Proxied Model, is revolutionizing identity governance across diverse systems. By providing granular control over identities, reducing standing privileges, and alleviating the need for specialized IT staff, EmpowerID enhances security and facilitates effective identity governance. If you're looking to manage identities across a wide range of on-premise and cloud systems, EmpowerID offers a comprehensive solution that aligns with your needs.


Enhancing Identity Governance in Zero Trust Environments: The Power of Proxy Models and Workflows

Posted by Aditya Taneja on Mon, Jun 19, 2023

In the realm of cybersecurity, the Zero Trust model has emerged as a robust framework for enhancing security. A key aspect of this model is effective identity governance, which can be significantly streamlined and made more efficient through the use of proxy models and workflows.

Today we'll be exploring how these tools can be leveraged to bolster security and efficiency in identity governance within Zero Trust environments.

What are Proxy Models?

Proxy Models in identity governance can be likened to gatekeepers in a business organization, ensuring that only authorized individuals gain access to sensitive resources. Just as a gatekeeper verifies the identity and permissions of individuals before granting entry, proxy models act as intermediaries between users and the systems they wish to access. They authenticate and validate user identities, ensuring that only authorized personnel are granted appropriate access privileges.


The Power of Proxy Models

Proxy models provide a powerful tool for managing identities in a Zero Trust environment. By acting as an intermediary between users and resources, proxy models can enforce strict access controls, ensuring that users only have access to the resources they need. This approach significantly reduces the attack surface and helps to prevent unauthorized access.

Moreover, proxy models can help to alleviate some of the challenges of the cybersecurity labor shortage and skills gap. By reducing the need for costly IT staff with specific knowledge and training in each of the proxied systems, proxy models can help organizations to manage their resources more efficiently.

By implementing proxy models, businesses can establish a robust and secure system where user actions are monitored and controlled, mitigating the risk of unauthorized access and potential data breaches. Think of proxy models as vigilant guards, protecting your business assets and maintaining the integrity of your identity governance framework.

The Efficiency of Workflows

Workflows, particularly those that are automated, can greatly enhance efficiency in identity governance. By automating routine tasks, workflows can reduce the time and effort required to manage identities, freeing up IT staff to focus on more strategic tasks.

For instance, consider the process of onboarding a new employee. An automated workflow could streamline this process, ensuring that the new employee's identity is properly set up across all necessary systems. This not only saves time but also reduces the risk of errors that could lead to security vulnerabilities.

Practical Strategies for Implementation

Implementing proxy models and workflows in identity governance involves several key steps. First, organizations need to identify the resources that need to be managed and the users who will need access to these resources. Next, they need to define the access controls that will be enforced by the proxy models.

Once the proxy models are in place, organizations can then develop workflows to automate routine identity governance tasks. These workflows should be designed to be flexible and adaptable, allowing for changes in the organization's needs and circumstances.

Today, most modern Identity Governance Platforms, such as EmpowerID, are equipped with the requisite toolsets to implement these robust policy frameworks. Developing and integrating these systems separately might require significant planning, resources, and expertise for most organizations; opting instead for a modern Identity Platform that easily integrates with your enterprise's existing applications might be the way forward. The flexibility to easily handle on-prem, cloud, and even hybrid workflows, paired with the ability to integrate with Microsoft 365, SAP, ServiceNow, Salesforce, etc., creates an extremely compelling offering for any organization looking to manage its identities.

Conclusion

Proxy models and workflows offer powerful tools for enhancing security and efficiency in identity governance, particularly within Zero Trust environments. By implementing these tools and techniques, organizations can streamline their identity governance processes, improve their security posture, and better manage their resources. As the cybersecurity landscape continues to evolve, such strategies will be crucial for maintaining robust security.

Tags: IAM, Group Management, Virtual Directory, Access Governance, cloud security, iga

MiMvsEmpowerIDArticle

Posted by Aditya Taneja on Wed, May 24, 2023

Microsoft Identity Manager (MIM) is a legacy identity management solution that has been around for a while. Organizations have been leveraging MIM to centrally manage user identities and automate user provisioning and de-provisioning because of its relatively easy integration within the Microsoft ecosystem. While it has served many organizations well, it lacks some of the essential features that modern identity management software offers.

Here are a few of the key features that MIM is missing compared to modern identity management solutions:

  1. Cloud-First Approach: 

    MIM was designed for on-premises environments, and while it can be extended to support cloud-based environments, it lacks the cloud-first approach that modern identity management solutions offer. This can make it challenging to manage hybrid environments or to take full advantage of the cloud's scalability and flexibility.
  2. Flexible Identity Models: 

    MIM relies heavily on the Active Directory schema, which can limit its flexibility when it comes to managing non-AD identities such as contractors, partners, and customers. Modern identity management solutions offer more flexible identity models that can accommodate a wider range of identity types and sources.
  3. Self-Service Provisioning:

    MIM requires significant manual intervention for account provisioning and access request workflows. Modern identity management solutions offer self-service capabilities that enable users to request and manage their own access, reducing the administrative burden on IT staff.
  4. Access Governance: 

    MIM offers basic access control functionality but lacks the more advanced access governance features found in modern identity management solutions. This includes capabilities such as entitlement cataloging, risk-based access certification, and access analytics.
  5. User Experience:

    MIM's user interface is complex and challenging to use, and its frustrating user interface is a common gripe amongst all its customers. Modern identity management solutions offer streamlined user experiences that are more intuitive and user-friendly, reducing the learning curve and improving user adoption.


In summary, while MIM has been a reliable identity management solution for many organizations, it lacks some of the essential features that modern identity management solutions offer. If you're looking for a more flexible, scalable, and user-friendly identity management solution, it's time to consider upgrading to a modern identity management platform such as EmpowerID.

EmpowerID is a next-generation identity and access management platform that provides unparalleled flexibility and scalability. With EmpowerID, you can easily manage identities, applications, and resources across your entire organization, regardless of size or complexity.

Here are just a few reasons why you should consider moving to EmpowerID:

  1. Greater Flexibility: EmpowerID offers a highly configurable platform that can be customized to fit your organization's unique needs. With our flexible architecture and robust API, you can easily integrate EmpowerID with your existing systems and workflows.
  2. Improved Security: EmpowerID provides comprehensive security features, including multi-factor authentication, role-based access control, and privileged access management. With EmpowerID, you can ensure that your organization's sensitive data and resources are protected from unauthorized access.
  3. Simplified Administration and Self-Service: EmpowerID's intuitive user interface and streamlined workflows make it easy for administrators to manage user accounts, access requests, and other identity-related tasks. With EmpowerID, you can reduce the administrative burden on your IT team and improve overall efficiency.
  4. Better User Experience: EmpowerID offers a seamless user experience, with a single sign-on portal that provides easy access to all of your organization's applications and resources. With EmpowerID, your users can enjoy a streamlined, hassle-free experience that improves productivity and reduces frustration.

So if you're looking for a powerful, flexible, and easy-to-use identity management solution, look no further than EmpowerID. Contact us today to learn more about how EmpowerID can help you take control of your organization's identity and access management needs.


Tags: Active Directory, authentication, IAM, Access Governance, 2-Factor, authorization, Azure security

Say Goodbye to ActiveRoles - Upgrade Your Identity Management with EmpowerID

Posted by Aditya Taneja on Wed, Apr 05, 2023

If you are an ActiveRoles user, you know the value of a powerful and flexible Active Directory management solution. But as IT environments become more complex and diverse, managing identities and access across multiple systems and platforms requires a more comprehensive approach.

A modern Identity Governance solution provides more diverse features built for the growing complexities of modern IT environments, enabling deeper use cases than those Quest Active Roles limits you to. While Active Roles provides many useful features for managing AD, it has quite a few limitations compared to other AD and identity governance platforms.

One of the biggest game-breakers with Active Roles is that it offers very limited functionality for Cloud users. In theory, Quest can manage cloud users, but only to an extremely limited extent. The tool allows you to create and provision an AD user to a cloud system. However, the cloud system objects aren't inventoried and managed in the user interface, and you always need to have an AD user as your starting point for management.

This limitation can be problematic for organizations that rely heavily on cloud-based systems, as it creates an additional layer of complexity that may not be necessary. Without proper inventory and management of cloud-based users, organizations may struggle to maintain security and compliance standards.


Aside from this, here's a list of a few more of these limitations for Quest ActiveRoles:
  1. Restrictive reporting and analytics capabilities:

    Quest ActiveRoles provides limited reporting and analytics capabilities, limited to just Users and Groups, as compared to other IGA Platforms that can provide in-depth and comprehensive analytics on every single AD Attribute. This severely limits you from getting a complete picture of your identity and access management activities.

  2. Negligible support for non-Microsoft platforms:

    Quest Active Roles is designed to work only with Microsoft Active Directory environments and does not support other directory services. This can be a significant limitation for your organization if you use a mix of different platforms, such as Unix or Linux.

  3. Limited integration with other Systems and IAM solutions:

    Quest ActiveRoles does not integrate well with other IAM solutions, making it difficult for organizations to implement a comprehensive identity governance program. Active Roles is also limited to managing only your Active Directory, providing no way to manage users on other Systems and Applications.

  4. Finite automation capabilities:

    Quest ActiveRoles does not provide extensive automation capabilities, which can make it difficult for organizations to automate repetitive tasks and workflows. Users will have to rely on writing scripts to complete tasks, which, when managing directories with millions of groups, objects, and users, can make even small tasks take exponentially longer and cost more.

  5. Lacking Cloud readiness:

    ActiveRoles Server was designed to work with on-premises Active Directory environments, which is not ideal for organizations that are moving to the cloud or adopting hybrid environments. A modern Identity Management solution offers better cloud-ready features, such as support for multi-cloud environments and identity as a service (IDaaS) capabilities, reported missing in Quest ActiveRoles. 

  6. Lacking essential Identity features:

    ActiveRoles Server lacks advanced features like identity governance, access certification, risk-based access control, and identity analytics that are essential for modern organizations to manage identity and access in complex environments. Self Service features such as Access Requests and Password Resets are shown to have saved organizations millions of dollars in helpdesk costs and are seen as a must for any good IGA platform.

EmpowerID offers a modern, web-based solution that goes beyond Active Directory management to provide full Identity Governance and Administration, Access Management, and Privileged Access Management capabilities. With EmpowerID, you can manage identities and access across on-premises and cloud-based systems, applications, and platforms, including Microsoft Azure, SAP, Oracle, and more.

EmpowerID's True Zero Trust administration for Azure and other platforms allows for fine-grained access controls and risk management, and its low-code identity orchestration engine allows for easy automation of complex business processes. EmpowerID's powerful RBAC and PBAC hybrid authorization engine provides efficient and flexible administration and runtime policy enforcement.

Not only does EmpowerID offer advanced capabilities beyond Active Roles, but it also offers the convenience and scalability of a modern SaaS platform. EmpowerID's modular licensing allows you to easily add or remove features as your needs change, and its cloud-based deployment means you can manage your identities and access from anywhere.

Don't settle for less with ActiveRoles - Make the switch to EmpowerID and experience the power and flexibility of a modern, web-based Identity Governance and Administration solution that goes beyond Active Directory management.

If you'd like to read more about Cloud Ready Identity Governance Platforms, we'd recommend our Whitepapers on these subjects: Siemens Case Study, Cloud Infrastructure Entitlement Management (CIEM) Report

 


 

Tags: Active Directory, IAM, Virtual Directory, Access Governance, cloud security

2022 Gartner® Peer Insights Review Guide for EmpowerID’s Identity Governance and Administration

Posted by Aditya Taneja on Mon, Dec 26, 2022


Gartner Peer Insights is the market-leading peer-review platform by Gartner for comparing and rating enterprise technology solutions to ease decision-making journeys for buyers.

We’re incredibly excited to share that EmpowerID ranks among the industry’s leading best-of-suite Identity Governance and Administration (IGA) providers on Gartner's Peer Insights.

More than 50% of our customers have given us a full 5 STAR recommendation on the peer-review website. Let’s see what they have to say about us!

"Simple and Easy to use Identity Management & Cloud Security Platform."

 

“EmpowerID - One of the Best Application Provisioning Platforms in the Market.”

 

"We have been able to accomplish more in 6 months with EmpowerID than in 2 years with our previous IAM platform."

 

“Flexible Pricing and Cost-effective”

 

“Ahead of its competitors in many things like its Quick Customer Support.”

“I like that it has increased our Workflow Efficiency.”


Read on Gartner to see what other customers think about EmpowerID's low-code orchestration platform!

EmpowerID has consistently emphasized our customers' needs in our products. We know that when they succeed with EmpowerID, we succeed. In this past year, as the vast majority of companies shifted towards remote work, EmpowerID was not only their partner to ensure a smooth and secure transition but also a guide in accelerating their digital transformation journey.

Our end-to-end support, starting from the platform itself and extending down the line to the entire Deployment support, is designed to ensure that our customers achieve the fastest time to value and grow their return on investment with EmpowerID right from Day One. Our products, such as Azure License Manager and Azure SCIM VDS, reflect all these ideals.

Identity Governance and Administration (IGA)

In Gartner’s words, IGA, or Identity Governance and Administration, refers to managing access rights for individuals, roles, groups, and identity repositories within organizations, both on-premises and in the cloud, ensuring appropriate access to resources across highly connected IT environments.

An IGA platform needs a broad array of capabilities to meet the ever-growing complexities of modern organizations and IT systems. The features that complete an IGA suite are: identity life cycle management; entitlement management; support for access requests; workflow orchestration; access certification; provisioning via automated connectors and service tickets; and analytics and reporting.

In 2020, Gartner chose to retire its incredibly viral Magic Quadrant for IGA. This was because the Magic Quadrant is designed to capture the most significant innovations in a particular market, but since IGA has already had its exponential growth phase and has reached a state of maturity, measuring improvements has become much more difficult. That doesn’t mean that growth has stopped: with the shifting of existing work models in the post-COVID world, IGA has seen growth and expansion to previously unimaginable heights.

IGA today has expanded and adapted to manage increasingly complex Identities spanning across different cloud platforms to provision access and entitlement of the vast repertoire of applications that modern enterprises use today in their ever-expanding workflows.

You can learn more about how EmpowerID competes in these ever-expanding domains in the all-new 2022 Leadership Compass Report by KuppingerCole, which examines the market for solutions that increase security in business application environments for managing cloud entitlements. The report measures the growth of IGA and Access Management platforms beyond the traditional limit of imagination, taking a much more abstract and out-of-the-box approach to evaluating the needs of modern enterprises.

 

Tags: authentication, IAG, IAM, Identity Management, Identity and Access Management (IAM), cloud security, Magic Quadrant, Gartner

EmpowerID Customer SIEMENS Wins Prestigious Identity and Cloud Award at KuppingerCole's EIC Conference 2021

Posted by Alexandre Spoerri on Wed, Dec 08, 2021


Munich, Germany & Online – September 13-16, 2021 – EmpowerID, a proven leader in helping organizations get identity and access management (IAM) right, and its global partner Avanade are happy to announce that their long-standing customer, Siemens, a German multinational conglomerate and the largest industrial manufacturing company in Europe, was recognized by industry-leading analyst firm KuppingerCole as the winner in the "IAM at Scale" category at this year's European Identity and Cloud Conference (EIC).

Siemens received the prestigious award for using the EmpowerID platform to manage one of the world's largest Azure AD installations. The client managed to protect vital assets while keeping the business running, which dramatically reduced IT response time and provided a vastly improved user experience for about 300,000 users.

EmpowerID automatically inventories, monitors, and automates the management of the following in the Siemens environment:

  • 3,000 Azure license requests per month
  • 30,000,000 automated Azure License Service Assignments
  • 2,000,000 accounts, including AD and Azure AD
  • 2,000,000 Groups, including AD and Azure AD
  • 50,000,000 Group memberships
  • 900,000 Nested Group Memberships

The EmpowerID architecture and solution delivery always anticipate the growth and size of its customers, delivering a global solution for Siemens that further simplified managing identities for hundreds of thousands of users and millions of accounts.

EmpowerID's powerful policy engine automates the assignment of the appropriate M365 licenses to users joining the Siemens organization based upon their roles and attributes coming from authoritative upstream systems. This automation ensures that users are licensed appropriately and can be productive from Day One. The ongoing lifecycle management functionality monitors for user position changes and readjusts the user's license to the most appropriate at all times to meet their job requirements. Most importantly, EmpowerID will reclaim the license to optimize the license expenditure when a user leaves the organization. To enhance governance and enable 24/7 self-service, the EmpowerID IT Shop allows users to request optional licenses for which they are eligible. These requests can then be routed to the appropriate individuals for approval.

To deliver greater security and convenience to its users, Siemens is also rolling out Azure application onboarding using EmpowerID's user-friendly IT Shop interface. A Zero Trust approach empowers application owners to onboard applications in Azure without having direct access to the Azure portal or being granted high-risk privileged access. As a result, security at Siemens is considerably improved by having a reduced attack surface for their Azure infrastructure, all combined with a superior user experience.

About Siemens

Siemens AG (Berlin and Munich) is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, the company creates technology with the purpose of adding real value for customers. By combining the real and the digital worlds, Siemens empowers its customers to transform their industries and markets, helping them to transform every day for billions of people. Siemens also owns a majority stake in the publicly listed company Siemens Healthineers, a globally leading medical technology provider shaping the future of healthcare. In addition, Siemens holds a minority stake in Siemens Energy, a global leader in the transmission and generation of electrical power.

In fiscal 2021, which ended on September 30, 2021, the Siemens Group generated revenue of €62.3 billion and net income of €6.7 billion. As of September 30, 2021, the company had around 303,000 employees worldwide. Further information is available on the Internet at www.siemens.com.

About EmpowerID

EmpowerID is the award-winning all-in-one Identity Management and Cloud Security platform designed for people. With over two decades in the industry, EmpowerID today manages millions of identities for large enterprises from all verticals across the globe. The platform is deployable on-premise and in the Cloud and offers comprehensive provisioning, single sign-on, access governance, the deepest integration capabilities with on-premise and Cloud systems, including ServiceNow, Azure AD, and SAP, on the market, and all of this coupled with an industry-leading user experience that drives adoption.

Built on a single microservice identity fabric architecture for manageability and scalability, EmpowerID ships with a powerful API, a visual workflow designer, and over 1,000 ready-to-use workflows for rapid deployment. For more information, visit http://www.empowerid.com.

 


Do you have any questions? Reach out to Alexandre Spoerri

Alexandre Spoerri
Sales Director
Alexandre.Spoerri@empowerID.com
+1 614 956 9008
Or feel free to book a slot to chat: https://calendly.com/alexandre-spoerri

 

North America

T 877 996 4276 or +1 (614) 652-6825
E info@empowerID.com

Europe

T +49 69 667741 – 157 or +41 44 585 10 82
E Info_D@empowerID.com or Info_CH@empowerID.com

 

Tags: cloud, azure, eic, azuread, siemens, cloud security, Azure security, M365 security

Congratulations to the OPA Team and Community!

Posted by Patrick Parker on Sun, Feb 28, 2021

There has been some exciting news for those of us who have been following the evolution of Open Policy Agent as a new technology for distributed policy enforcement. The Cloud Native Computing Foundation (CNCF) has announced that Open Policy Agent has demonstrated the maturity and adoption level to warrant graduation from its status as an incubating standard. This is a major accomplishment for the OPA team and community. At EmpowerID, we have been tracking its progress and integrating it into our external authorization offering.

CNCF Announcement: https://www.cncf.io/announcements/2021/02/04/cloud-native-computing-foundation-announces-open-policy-agent-graduation/

The CNCF describes OPA as follows: "OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra."

I've included a short video below of EmpowerID leveraging OPA in conjunction with another exciting standard for authorization, User Managed Access 2.0 (UMA).

 

 

 

Tags: open policy agent, authorization

Identity conversations: Challenges & lessons from CISOs and CIOs

Posted by Alexandre Spoerri on Tue, Feb 02, 2021

Introduction and Authentication & Access Management 

Over the past 7 years, empowerID has been working closely with its global implementation partner, Avanade, on various large IAM projects across Europe, namely customers such as Henkel (Germany), Siemens (Germany), Energie aus der Mitte (Germany), Bank Julius Bär (Switzerland), Paccar/DAF (USA/Netherlands), Eurovia (France) and most recently Proximus (Belgium).

Avanade has a very large security practice and supports the world’s leading CIOs and CISOs in putting in place the best Microsoft-based infrastructure to protect their data efficiently and, in case of cyber compromise, recover safely and quickly.

We have decided that it would be valuable for our readers to understand the collective lessons learned and the challenges that these leaders have been facing when it comes to Digital Identity. This series is structured as a discussion between Brandon Nolan, Global Digital Identity Lead at Avanade, Arno Zwegers, Regional Security Lead for Avanade in the Netherlands, and Patrick Parker, CEO at empowerID, and is divided into five key areas that will each be covered in 5 posts over the next 5 months. The five key areas will be  

In this first session, we will look at authentication and access management and address questions such as: 

  • Should I use a single or multiple authentication directories? 
  • How does the current infrastructure affect the authentication strategy? 
  • What is currently the “best” form of authentication? 

You can read the first discussion on the Avanade Blog here: https://www.avanade.com/en/blogs/avanade-insights/security/identity-challenges-and-lessons/?utm_source

 

Next month, we will continue our conversation on the topic of authorization. We hope to have you with us again then. 

Tags: Identity Management