EmpowerID adds features from Quest ActiveRoles Server
The EmpowerID product started out as a web-
based self-service portal designed to reduce help-desk calls. It allowed users to update their own user information, like their phone number in Active Directory, to reset their own passwords, and also provided a customizable company phonebook. The Dot Net Factory, which makes EmpowerID, has since incorporated many features from Quest’s ActiveRoles Server and it has grown into a full-featured identity management solution.
Similar to Quest ActiveRoles Server “Quick Connect” modules that synchronize AD with external systems like HR databases, EmpowerID provides “Connect Modules” to synchronize AD with Oracle, LDAP,and other external data stores. Other features they have in common include automatic provisioning and de-provision of users, and a useful feature that Quest calls “Managed Units”, and that EmpowerID calls “Logical Locations”, which refers to a virtual Organization Unit that you can create to manage Active Directory without changing the structure of Active Directory. For instance, you could create a virtual OU called “IT Managers” that mapped to multiple AD OUs allowing for unified management and delegation.
Unfortunately, The Dot Net Factory uses overly aggressive sales tactics that would make a used car salesman blush. Getting an evaluation version of this product is not easy to put it mildly, and finding out the price is nearly impossible (I tried for 2 weeks with no luck). Suffice it to say, this is an expensive product on par with Quest ActiveRoles Server which costs $25/user in your AD forest.
EmpowerID is a great product, but if you are going to make a major financial investment in an Identity Management product customer support has to be a main factor in the decision. In addition, unlike most vendors, which provide evaluations that can be downloaded after filling in some contact data, The Dot Net Factory makes you go through a hard sale before they will even consider letting you see their product.
Website: http://www.thedotnetfactory.com/
Price: Around $25/user in your forest.
Tags:
21. December 2009 at 19:28
Imitation is the most insincere form of flattery. ;)
I’m not speaking about their product in particular, but there is often a hidden deployment/get it working cost above and beyond the license fee. At least one customer of the above mentioned tool – took a full year to get it deployed. Buyer be ware.
Bob Bobel
Platform Director, ActiveRoles Server
19. February 2010 at 02:43
Just wanted to clarify – EmpowerID can be installed with a large library of out of the box workflows in a very short amount of time. We do offer extensive customization capabilities as the only complete RBAC and workflow platform for AD so customers can and often do build real business solutions on EmpowerID. That would be an area where EmpowerID differs from solutions built on older technologies like ADSI that are just beginning to explore the world of Windows Workflow Foundation. Looking forward to see how they mature in the space that we pioneered.
Patrick Parker
Product Manager, EmpowerID
19. February 2010 at 03:13
What Bob doesn’t tell you is that the very same client ripped out Active Roles Server in the installation he refers to because they couldn’t meet their growing needs with Quest. And Quest had quoted triple the amount in customization, proving that the wrong tool for the job can indeed be costly. The client today is aggressively expanding their 235,000 user installation with EmpowerID.
Bradford Mandell
The Dot Net Factory, LLC
18. July 2010 at 14:31
We looked at both these products a while back- never actually tried EmpowerID sicne it was too difficult to get an eval and price info. Quest product was expensive and due to it’s design was not secure enough to meet our compliance needs for a true external-facing web portal. I have no idea why these vendors put “admin controls” in the external facing web portal page, it is a security incident waiting to happen!
We went with Password Reset PRO from SysOp Tools, which we found out about from an associate who is using it in thier 300,000+ user AD (almost a 5gb schema!!). Needless to say, the Reset PRO product fit the bill perfectly for our 45k user base and (seriously) took 10 minutes to install. It is slick in it’s multi-tier design and just about all aspects of it are customizable right down to the web page code, and due to that we were able to get it to look like our MOSS extranet site for a seamless integration and user experience. I think licensing is around $3/user normally but we have an “unlimited” license (7500 or more password expiring users in AD). This was also the only product we found that did not require database installs, was built securely enough to meet our PCI/DSS requirements, was extremely fault tolerant and had more than one “access mode” to deploy it to your users- Example, one mode is an enrollment based image + security word mode like current bank websites use and another mode is an AD-based question/answer mode that does not require pre-enrollment. We have separate portals running in different modes for different sets of users, very cool. Their support team walked us through the setup and were very knowledgeable about how their product works as well as how AD functions. In contrast, Quest support did not understand how their product functions on a detail level (maybe they aquired it from another vendor?), and could not answer any technical AD or compliance questions.
In my humble opinion, Reset Pro has the type of software and service that other vendors should strive to meet, there is no comparison here in terms of software quality, pricing and service. I think the bickering in the above posts is pretty funny ;p
-Frank
(Long time AD admin and MVP)