EUM™ lets you define the ground rules for your user management needs, and then let's you put your Enterprise User Management™ on auto pilot - requiring only minimal intervention even when managing many thousands of users. You start by defining criteria based groups and the permissions that members of these groups will have in your applications. For example, you can define a group as follows: Location = 'USA' and Department = 'Finance'. Next you specify the permissions that members of this group will have in your applications. People who have attributes which match the group's criteria will automatically become members of the group, they will be granted a user account if they don't already have one and will get applications permissions as defined by the group.
The User Lifecycle begins when a user registers online or when EUM™ automatically creates user accounts from your TRM™ (Tracker Total Relationship Management) contacts which fit your criteria based groups. When a user's attributes change, EUM™ automatically updates their group membership, taking them in and out of groups automatically. The user account lifecycle ends when the user is no longer a member of any group, in which case EUM™ can either automatically lock or de-provision the user account.
In addition to automatically creating EUM™ user accounts, the system can also automatically provision and continuously synchronize user accounts, groups and group membership in various backend systems including LDAP directories such as Microsoft Active Directory, E-Mail systems including distribution groups and members, ERP systems and more.
Every contact your business has is a potential user. You enter your contacts into Tracker Total Relationship Management (TRM™ ), or you can setup continuous differential synchronization of your contacts from any of your data sources (i.e. your Human Resource system). You define groups in EUM™ based on any combination of contact attributes (i.e. Division, Department, Job Title, Job Grade, Geographical Location) and specify
group permissions. Once your groups are defined, EUM™ automatically creates Users from your TRM™ contacts and automatically maintains user-group membership. Your users can logon to individual applications directly, and they can also work with all their applications in a single browser page - via the Corporate Central SaaS Portal.
EUM™ assigns globally unique identities to all your internal and external users and delivers a global single logon. In fact, you get a central repository for uniquely identifying every contact you have, user or not.
EUM™ Account Mapping resolves the issues associated with maintaining user IDs separately in your various backend systems by recording all the IDs for the same person from your various systems and providing a globally unique ID for the person.
EUM™ maps the person to all the systems where they appear and then uses the user's globally unique ID to reference the user in any of your systems or data sources.
All this data is available to you when you work with any Corporate Central application, including WAG™ applications that you create, your home grown and 3rd party applications and Social Web logon services.
EUM™ Social Web integration removes barriers to registration and converts website visitors into registered users. With EUM™ Social Web integration you can offer your users to login with their Social Web accounts including their Google,
Facebook, Twitter, Yahoo and PayPal accounts. Depending on your audience, this capability may be very attractive to certain types of users who will be far more likely to use your site when they are not required to register yet another
separate user account. Internally, EUM™ still creates and maintains the Account Mappings for the user which allows you to record their attributes and offer them an automatically generated user account and login. Now they can login
EUM™ gives you all the options to incorporate any application and logon service access model from Enterprise to Cloud to Social Web. You can provide custom registration pages, create user accounts automatically
from various data
sources such as your HR system and use the Social Web Integration capabilities. EUM™ integrates and automates with many popular corporate directories and systems. The EUM™ Directory Synchronization Service provides continuous synchronization to and from EUM™ and many LDAP directories and databases. The service
can access many LDAP directories including Microsoft Active Directory, Microsoft Exchange for automated mailbox provisioning, Lotus Notes, OpenLDAP, X.500 Directories, and many non-LDAP directories and data sources.
Enterprise User Management™ is often implemented with large scale corporate directory synchronization. Companies have integrated Enterprise User Management™ with many LDAP compliant directories as well as custom directories. Whatever type of integration need or initiative you have, EUM™ can handle it all.
Automatic Criteria Based Groups greatly simplify user access control and allow permissions to be managed based upon user profiles which are comprised from a series of dynamic user attributes (i.e. Division, Department, Job Title, Job Grade, Geographic Location).
Once you define EUM™ criteria based groups, the system automatically
maintains user-group membership and associated resource access.
For example as employees are hired, change roles or retire - they are automatically assigned to the appropriate criteria based groups. Administrators need only define groups and their permissions.
The EUM™ Logon Service lets you integrate your app with Corporate Central. When a user tries to login through your logon page, they provide the necessary credentials – Username and Password. Your logon page adds a globally unique system id assigned to you by EUM™ and submits a request to the EUM™ Logon Service which authenticates the user. In a successful authentication, the EUM™ Logon Service returns an array of one or more effective Permissions that the requestor has to your system. 3 lines of code, that’s all it takes to enable any of your apps to authenticate via the EUM™ logon service.
Enjoy the benefits of automatic account provisioning by setting up criteria based groups in EUM™ , then start entering contacts into TRM™ , either manually or setup continuous real-time differential synchronization from any of your data sources into TRM™ . Configure TRM™ to continuously sync with your HR system for example - and any time an employee record is entered, modified or deleted in HR - the change is immediately reflected in TRM™ . EUM™ monitors these changes and creates a new user account when a new employee is added in HR. If the employee record is removed from HR, EUM™ will disable or de-commission the user account. Of course, you can have TRM™ synch-in from any of your data sources (not just HR) such as data sources for customers, vendors, partners, suppliers and so on, and you will get the same great results.
Enterprise User Management™ implements an open Web Services design architecture to easily integrate with internally developed and 3rd party solutions while minimizing use of specific APIs
on both ends, thereby promoting significant decoupling and dynamic binding of components. This in turn enables and drives service-oriented architectural approach.
Enterprise User Management™ is often implemented with large scale corporate directories where you can synchronize User Accounts, Groups and Group Membership defined and maintained in EUM™ , and the other way around!. Companies have integrated Enterprise User Management™ with many LDAP compliant directories as well as many non-LDAP directories, custom directories, and data sources.
Automatic Directory Synchronization works with many LDAP (Lightweight Directory Access Protocol) directory services including Microsoft Active Directory, Microsoft Exchange for automated mailbox provisioning, Lotus Notes, OpenLDAP, X.500 Directories .
Whatever type of integration need or initiative you have, EUM™ can handle it all.
With EUM™ you can easily delegate specific administrative tasks with precise resolution to specific web applications or systems and specific permissions levels. This level of resolution enables the definition of powerful delegation matrices
using EUM™ drill down web based user interface.
EUM™ is designed to centralize and automate user access to applications and data for all internal and external users. To accomplish this, EUM™ securely integrates
and synchronizes with systems, contact sources, directories and more to provide complete control over all user management.
The ground rules are defined and integrated once and thereafter users are automatically maintained with their identities, groups and group membership through profile based automation and directory automation.
Administrators need only define the ground rules and handle exceptions.
EUM™ automatically logs detailed audit trail records including all user activity and resource access from system and module level down to the record and field level. This includes for example the record, field, date, time and IP addresses
of user resource access requests including whether it was a successful or failed logon request.
Account creation, modification, password changes, resources accessed, account lockouts and much more are part of the logging mechanism. The built in reporting facility includes sophisticated reporting on many combinations of parameters including user and group attributes, resources and permissions.
EUM™ is an essential tool in auditing and establishes compliance for system access as defined by Sarbanes Oxley and HIPAA.
Since many EUM™ customers are from the financials industry, its security has been scrutinized on an ongoing basis and EUM™ puts in your hands over a decade of security expertise running large scale web applications in the wild.
Running large scale web application introduces us to the daunting task of enforcing policies. Administrators must be given a solution that is both resilient to attacks and protective of data confidentiality, integrity, and availability.
EUM™ implements powerful full featured policy management including sophisticated options for password, security, monitoring, policing, auditing, logging and reporting. These features deliver significant tools for maintaining compliance with regulatory authorities.