EmpowerID Admin Guide
This guide provides procedures and reference information for administering EmpowerID. It covers identity management, access governance, privileged access management, authentication, system configuration, and deployment operations.
Guide Organization
Identity Administration
Manage identities, user accounts, and organizational structures within EmpowerID. This section covers system architecture, identity object management, account lifecycle operations, and organizational hierarchy configuration. Use these procedures to maintain accurate identity data, understand deployment patterns, and configure the foundational structure supporting all identity operations.
Identity Lifecycle
Manage the complete identity lifecycle from provisioning through deprovisioning, including automated workflows and account reconciliation. Configure HR-driven lifecycle policies, account inbox processing, identity evaluation rules, and permanent workflows that continuously monitor and synchronize identity data. This section enables automated provisioning and deprovisioning across all connected systems based on lifecycle events and policy-driven access assignments.
Identity Governance
Implement access certification programs, policy enforcement, role management, and compliance reporting for identity governance initiatives. Configure access reviews and recertification campaigns, manage business roles and management roles, enforce separation of duties policies, and generate compliance reports. These procedures support audit requirements, risk mitigation, and maintaining compliant access across the enterprise.
Connectors (OOB)
Configure and manage out-of-box connectors for integrating EmpowerID with external systems and applications. EmpowerID provides connectors supporting REST APIs, SCIM, LDAP, SQL stored procedures, flat files, and universal database connections. This section covers connector configuration, account store management, inventory scheduling, and provisioning policy setup for connected systems including Active Directory, Azure, SAP, and other enterprise applications.
Self-Service
Configure and manage self-service capabilities including password reset, access requests, and user profile management. Enable users to reset forgotten passwords using multi-factor authentication, shop for resources in the IT Shop, manage their own profile information, and request access to applications and groups. These self-service features reduce helpdesk burden while empowering users to manage their own access needs within governed approval processes.
Authentication
Configure authentication methods, multi-factor authentication, single sign-on, and authentication policies. Set up MFA enrollment, configure authentication challenge questions, establish SSO federation with service providers, and manage authentication security settings. This section covers both user authentication for accessing EmpowerID and federated SSO configuration for integrated applications.
Human Approval Flow
Design and manage approval workflows for access requests, provisioning operations, and administrative actions. Configure approval flow policies that route business requests through multi-level approval processes, set up rights-based approval routing (RBAR), and define approval chains based on organizational hierarchy and delegation rules. Approval flows determine which items require approval, how many approvals are needed, and who must approve each request before fulfillment occurs.
No Code Flows
Create and manage no-code fulfillment workflows that execute actions once business requests are approved. Design workflows using visual tools without writing code, configure fulfillment logic for provisioning, deprovisioning, or other automated actions, and set up background jobs that monitor and execute fulfillment workflows. No-code flows operate autonomously and provide status updates to business request items, enabling business users to build automation without developer resources.
Authorization
Configure authorization policies, role-based access control (RBAC), attribute-based access control (ABAC), and policy-based access control (PBAC). Define operations and resource roles that control granular access to EmpowerID resources, establish delegation policies, and configure the authorization engine for external applications. EmpowerID's authorization model supports fine-grained access control with real-time policy enforcement and can function as a Policy Decision Point (PDP) for integrated systems.
Privileged Access Management
Secure, monitor, and audit privileged accounts and sessions, including privileged session management and credential vaulting. Configure PSM containers for session recording and monitoring, manage privileged credential storage in secure vaults, implement just-in-time access for administrative tasks, and establish policies for privileged account lifecycle. These capabilities reduce attack surface by eliminating standing privileged access and providing comprehensive audit trails for all privileged activities.
Notifications and Emails
Configure email notifications, templates, and communication settings for system events and user notifications. Set up SMTP server connections, customize email templates for workflow notifications, configure notification triggers for lifecycle events and approval tasks, and manage notification delivery settings. Proper notification configuration ensures users and approvers stay informed about access requests, certification campaigns, and system events.
Configuration Options
Manage system-wide configuration settings including SMTP configuration, licensing, certificates, and global parameters. Configure system settings that control platform behavior, upload license files, manage SSL certificates for secure communications, set up CDN delivery for static content, and configure federation settings. This section covers the technical configuration parameters that affect overall system operation and integration capabilities.
EmpowerID SaaS
Monitor EmpowerID SaaS deployment health and system availability. Configure availability monitoring to track system status and execute SQL-based health checks to verify operational integrity. These monitoring procedures support proactive system management and rapid diagnosis of potential issues in SaaS deployments.
Managing EmpowerID On-Premise
Plan, deploy, and maintain EmpowerID in self-hosted on-premise environments. This section covers hardware and software requirements, installation procedures for containerized and server-based deployments, configuration of EmpowerID services, and ongoing maintenance tasks. Topics include database setup, service account configuration, network requirements, performance tuning, backup and disaster recovery, and log management for enterprise-grade on-premise deployments.
Glossary
Definitions of EmpowerID-specific terms and concepts used throughout the documentation. Reference this section for clarification on terminology including business roles, management roles, operations, resource roles, permanent workflows, business requests, and other platform-specific concepts.
Release Notes
Information about new features, enhancements, and fixes in each EmpowerID release. Review release notes when planning upgrades to understand what changes, improvements, and new capabilities are available in each version.
Using This Guide
This guide assumes familiarity with identity and access management concepts. Procedures are organized by administrative task and provide step-by-step instructions with relevant configuration details.
Navigate using the sidebar to locate specific topics. Each section contains conceptual information, procedural guidance, and configuration reference material appropriate to that administrative domain.
For API integration and developer resources, refer to the EmpowerID Developer Guide.