IDMWORKS Blog

Non-Employee Identity Suite Solves Real World Provisioning Problems


The IDMWORKS Non-Employee Identity Suite (NEIS) solves a series of problems that companies face every day when it comes to managing the provisioning of non-employees.

Create, Manage & Track Non-Employees In One Place
The IDMWORKS Non-Employee Identity Suite consists of a portal and LDAP directory that allows companies to create, manage and track Non-Employees in one central place, the same way human resources systems manage standard employees.

It gives a System of Record for Non-Employees (typically any of the following: Consultants, Contractors, Students, Affiliate Doctors/Nurses, Interns, Seasonal Workers, Temp Workers, etc…) and can even be used to track Vendors!

Each gets a unique identifier that stays with the Non-Employee type even when the user leaves the organization or becomes a full-time employee, so that the organization has historical traceability.

Many organizations still resort to using spreadsheets for this purpose (if you can believe that!)

Stand Alone or Add On
The IDMWORKS Non-Employee Identity Suite is a stand-alone product that can be housed either On-Prem or as a SaaS component in the cloud (pick your favorite managed service provider or utilize IDMWORKS’ MSP).

The suite can also function as an IDaaS Auto-Provisioning add-on component that can feed into your favorite vendor auto-provisioning tool. This is done by extending the third-party on-premises auto-provisioning product with a SaaS auto-provisioning capable product.

The NEIS comes packaged with an LDAP connector but also supports SCIM and others, so it can feed into (or be fed from) your third-party IDM vendor product right out of the box. This means it can be a feed in the same way PeopleSoft, Workday, Lawson, Ultipro, etc… feed into downstream systems today.

Why NEIS Is A Better Way To Track Non-Employees

Today most companies either track non-employees via spreadsheet, which is error-prone and manually intensive, or they create an Active Directory account for their users regardless of type or need, and use that as a default tracking mechanism.

The Active Directory method has the following problems:

• Not all users need AD accounts and/or system access

• Each AD account has a license cost associated with it, which gets expensive

• When a user in AD is moved to the Disabled Users OU, their trackable information gets stripped (AD Groups, Certain Attribute Values, Network/Share Drives, etc.), which additionally causes a ripple effect on unstructured data (orphaned documents and information once owned by the user).

The Bits & Pieces (AKA How It Does What It Does)
The IDMWORKS Non-Employee Identity Suite takes an Invitation + Self-Registration approach to provisioning users into an identity store and granting them entitlements.

The major objectives of the application (beyond solving the business problem) are to demonstrate a true ROI in a short amount of time through easy installation and prescriptive workflows, while still providing some guided customization of the look & feel and attributes that can be captured.

Of special note is that the application was built with mobile and cloud in mind and is constructed using Service-Oriented Architecture principles to maximize reuse of the various components for future solutions.

IDMWORKS Non-Employee Identity Suite Capabilities
• LDAP Gateway used as an OAuth2 Identity Provider for User and API AuthN/AuthZ
• Users & Groups can be stored anywhere (natively within the Suite or in an LDAP Directory, RACF, Azure AD, Salesforce, Epic, etc…)
• Delegation of administrative operations
• Password reset/change workflow with strength checking
• Self-Registration & Administrative registration
• Account enablement/disablement
• Notification service for notifying users as well as auditing
• Entitlement assignment and enforcement
• Private labeling
• Web-based registration form construction
• Support for custom attributes
• Web & Mobile UI across the entire product

One of the major benefits of the approach taken with this application is that many of the services created for this application can also run on their own and provide demonstrable value when tied to the LDAP gateway.

One such example is leveraging the OAuth2 service in concert with the LDAP gateway to present an IdP (Identity Provider) endpoint, allowing systems like RACF and TopSecret to participate in Federated Authentication and SSO use cases.

Request a demo today to see exactly how the IDMWORKS Non-Employee Identity Suite works.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.
