The Dot Net Factory, a provider of Windows Identity Management modules, is launching Version 4 of the EmpowerID Suite, a comprehensive Windows-based Identity Management suite. Users of previous versions of EmpowerID have the right to receive the new version based on the Windows Workflow Foundation. It harnesses the new Windows Workflow Foundation (WF) framework. The Dot Net Factory is one of the first companies to fully employ this framework, and has chosen it to drive the workflow for identity management. Previous users of EmpowerID can choose to continue using Dot Net Factory’s custom developed workflow engine or switch to the new WF framework. In general, KCP appreciates the usage of standard workflow engines for Identity Management.

For provisioning, EmpowerID v4 gives users a choice of either integrating seamlessly with Microsoft’s Identity Lifecycle Manager (ILM), or using custom connectors that directly integrate EmpowerID with external user stores and services. This flexibility is, from our point of view, important because customers can select the architecture which fits best to their environment – either with the proven foundation of ILM or in a more lightweight approach using only the basic functionality of EmpowerID.

EmpowerID is offered as individual modules that integrate seamlessly with each other, or can be integrated with other third-party components in an enterprise identity management platform. Identity Lifecycle Management functionality is offered through modules such as a self-service password manager, profile manager and provisioning manager. Connectors exist to Active Directory, external LDAP servers, UNIX servers and several relational databases. The Dot Net Factory is currently developing external connectors to SAP and Oracle applications that are announced for the second quarter of 2008. This relatively small list of own connectors is definitely one of the shortcomings of the product, even while it can be solved at least partially by using ILM connectors and ILM. Besides this, an adapter factory for flexible creation and enhancement of existing connectors is missing.

The Suite also offers a powerful role mining and enforcement module that allows a flexible role model to be enforced over many different services, such as SharePoint, Windows File and Print Shares, Groups, Exchange, UNIX and custom applications. Auditing of roles is supported as well.

The workflow engine is driven by entitlement management at every stage which is a novelty in this space. This makes it easy to control exactly who can authorize what actions, and requests are automatically routed to the “nearest” person who can approve them – where “nearest” can be configured to mean by hierarchy, location, or any other factor.

The Dot Net Factory also highlights EmpowerID v4’s tight integration with SharePoint: new accounts and access with approvals can be integrated into the workflow. Login can also become part of the workflow, which allows for example an integration of SharePoint 2nd factor authentication with Entrust Identity Guard. In fact, the tight SharePoint integration seems to be in major demand and has been driving the development of these new features. The integration with SharePoint is, with no doubt, one of the interesting features of the product especially in Microsoft-centric environments. For these environments we see EmpowerID as an interesting add-on and alternative to ILM and other established products.

Headquartered in Dublin, Ohio, with plans to open a London office in the second half of 2008, the Dot Net Factory sells EmpowerID directly, and works with large integration partners such as Avenade.

Official release is announced for the 3rd of March. The web site already offers a sneak preview of the features at