Simplify common authorization and access to applications for corporate users across multiple LDAP forests on-premise and in Microsoft Azure.
The application allows to map a user identity on multiple directories and ensures that starter – leavers processes are consistent across them all.
Besides user identity mapping in different applications and directories, Xpert.I.AM offers basic self-service user requests like changing a subset of AD attributes, checking the account lockout history, warning users about a password change and facilitating the reset, allowing the user to request resource access where approval is needed.
User Self-Service
-
Modifies AD properties and keep them in synch across different LDAP forests.
-
Provides warnings about lockout events across multiple directories.
-
Informs the user about password expiration and facilitates password changes.
-
Unlocks the user account in related LDAPs as long as the primary LDAP is not locked.
-
Requests access to applications (initiates the workflow).
-
Requests additional software licenses: O365, Azure and others (initiates the workflow).
Business Line Workflow
-
Control user onboarding to O365 with granular access to licenses and with custom approval workflow.
-
O365 and on-premise application authorizations are managed in a common workflow.
Configuration Module
-
Allows creating identity entities and establishes the relationships among them: primary – secondary.
-
Entities can be LDAPs, file servers, applications OUs, etc.
-
Full flexibility to extend the workflows based on new entities.
Service-Desk Module
-
User onboarding in multiple LDAPs and Azure.
-
Batch onboarding based on template files.
-
Creates and manages relationships: one user – multiple accounts.
-
Creates and manages user profiles(*).
-
Allocates users to profiles(*).
(*) by profile we refer to a set of licenses and granted authorizations
Service-Desk Module (cont’d)
-
Maintains Primary LDAP forest vs. Secondary LDAP forests relationships and if a user is disabled in Primary LDAP then it disables the user in secondary LDAPs as well.
-
Provisioning wizard
-
User profile management across multiple directories.
-
Reports for unused accounts and facilitates the automated process for disabling them.
-
User attributes mass changes.