EmpowerID Office 365 Manager solves the delegation challenge with Office 365 and Azure by allowing organizations to extend their existing role or group-based security model and OU structure seamlessly to Office 365.
IT departments have spent decades developing and refining their processes and tools to automate, secure, and audit their on-premise systems. Typical enterprise security models rely on delegating granular administrative privileges to roles or groups of users for specific departments or business units, frequently using the OU hierarchy of Active Directory and LDAP as the logical structure for assigning scoped privileges. A major challenge posed by Office 365 and Azure Active Directory is their flat, single-level directory, which lacks a hierarchical structure to represent your organization, together with their limit of 5 administrative roles for granting access across the entire organization. EmpowerID addresses this by allowing Office 365 users to automatically belong to the same location in an EmpowerID hierarchy as they do in your internal, on-premise Active Directory.
You can create policies that leverage your existing on-premise AD groups or EmpowerID roles to grant granular administrative access for Office 365 based on user location or other similar criteria, including department, business unit, group membership, and many other attribute values.
In addition to automating most Office 365 administration tasks, EmpowerID unifies all of them under a single set of web and mobile interfaces that can consolidate the management of all of your cloud and on-premise systems, including Active Directory, LDAP, and numerous enterprise applications. In so doing, EmpowerID removes the need to learn and use Office 365’s completely new and standalone set of admin interfaces and APIs. EmpowerID’s hundreds of workflows allow technical and non-technical users alike to perform securely delegated user, group, and mailbox administration tasks in a friendly web-based interface from their desktop or mobile devices.
Microsoft provides tools for synchronizing your on-premise Active Directory with Office 365, but they are too basic for most enterprise organizations. EmpowerID integrates even the most complex on-premise multi-domain and multi-forest Active Directory environments with Office 365 right out of the box. Flexible attribute flow rules keep all directory attributes in sync, while policies automate provisioning, license assignment, and deprovisioning based on your Active Directory or HR system. EmpowerID also supports on-demand provisioning via web-based request forms or from third-party IAM systems using our web API.
Security groups are the cornerstone of controlling who has access to what within Office 365, and maintaining accurate email distribution groups is critical for effective organizational communication. EmpowerID completely automates the creation, membership management, and retirement of dynamic data-driven groups. Flexible policies created with EmpowerID save time and money by using data from any enterprise system, including an on-premise Active Directory or HR system, to automatically create common security and distribution groups. For non-dynamic groups, designated group owners and admins can manage group membership in an easy-to-use web-based interface from their desktop or mobile devices. SharePoint site owners may control and approve requests to join the groups that grant access to their sites, and end users may shop for membership in these Azure AD groups.
Forgotten passwords lead to frustration and are typically the number one source of helpdesk calls. EmpowerID can significantly reduce these incidents for both federated (SSO-enabled) and non-federated Office 365 environments.
Internal users in federated environments can perform a forgotten password reset of their on-premise Active Directory password or their EmpowerID person password, depending on which they use. In non-federated systems, an internal user’s self-service password reset syncs the new password to both their Office 365 user account and their on-premise Active Directory user account. In both configurations, users only have to remember a single password, and specific workflows allow delegated helpdesk admins to step in and perform a password reset when necessary.