SharePoint's People Picker is one of the strangest user interfaces in the world. A SharePoint site admin generally gives permissions to either SharePoint groups or Active Directory groups. But if the admin uses AD groups, he or she doesn't know who is actually a member.
You can partly solve this conundrum with dynamic Active Directory groups, but that still falls short. Active Directory groups have all sorts of issues across forests and domains, and what if the user doesn't exist in AD at all? Many SharePoint instances combine access for employees, contractors, partners and customers. It would be nice to manage the SharePoint permissions for each of those in one central place.
Luckily, SharePoint 2010 supports an external directory as a claims provider. EmpowerID's metadirectory functions as the claims provider and offers federated single sign-on to SharePoint. This opens up the world of roles (static or dynamic) to SharePoint. SharePoint permissions management becomes more robust because roles in EmpowerID can reference any identity store, not just AD.
EmpowerID’s powerful hybrid RBAC and ABAC model can be used directly inside SharePoint’s People Picker user interface to grant access to sites, lists, documents, etc. The People Picker allows end-users to search and select any EmpowerID security object such as People, Groups, Roles and dynamic collections just as they would normally search for users or groups.
The EmpowerID RBAC system allows content owners and security administrators to use flexible, dynamically maintained role-based assignments when managing SharePoint permissions. The dynamic nature of these roles can dramatically reduce the administrative burden of manually setting security assignments, and it automates access granting and revocation based on changes in a user's job status, function or location.
Role-based access control (especially when mixed and matched with attribute-based access control) gives SharePoint a great deal of flexibility in how you assign permissions. The customer can get the exact access they need (and even SSO) without lifting a finger. Your SharePoint team can publish internally and know that role-based permissions are keeping it safe.
This is all built-in functionality in EmpowerID; let us know if you'd like to see it in action!