EmpowerID Administrator Training Curriculum
Identity Governance and Administration - General Concepts
- IGA Overview
- Identity Lifecycle Management
- Access Management and Governance
- Single Sign-on and Federation
- Compliance
- Roles Based Access Control (RBAC)
- Privileged Access Management (PAM)
Critical EmpowerID Concepts
- Modules/Licensing
- Identities – Person, Account, Core Identity
- Authentication
- System Integration
- Security Infrastructure
- Workflows
EmpowerID System Architecture (hardware and application)
- Platform Architecture
- EmpowerID Servers
- EmpowerID Database
- Server Roles
- Jobs/Services
- Permanent Workflows
- Component Model
RBAC Architecture Overview
- RBAC Overview
- Business Roles/Locations
- Management Roles
- Delegation/Access Assignment
UI Navigation Overview
- Legacy Admin Interface
- Microservices Interface
- IAM Shop
- Resource Admin
- Task Manager
- My Identity
- Lab: Create Person Identity and Navigating the UI
Account Store Connections
- FlatFile – HR Data
- Active Directory
- EntraID
- Tracking Only
- Lab: Create Flat File connector to HR data file
- Lab: Create Active Directory Connection
- Lab: Create EntraID Connection
- Lab: Create Tracking Only System
Attribute Flow Rule Configuration and Management
- Schema Overview
- Attribute Flow Rules
- Scoring/Weighting
- Lab: Configure Attribute Flow Rules for Connected Systems
Identity Lifecycle Settings (JML)
- Join and Provision Rules
- Core Identity Rules
- Termination Query Based Collections
- Role/Location Assignments – Dynamic Hierarchy
- Lab: Lifecycle settings configuration and Account Inbox Processing
- Lab: Dynamic Hierarchy, Role/Location Assignment configuration and processing
Provisioning Policies
- Configuring/Managing Provisioning Policies
- Monitoring Provisioning/De-Provisioning Jobs/Processes
- Lab: Create Provisioning Policy – Active Directory
- Lab: Create Provisioning Policy – EntraID
- Lab: Create Provisioning Policy – Tracking Only
Entitlement Configuration and Management
- RBAC Assignment of Entitlements
- Business Role/Location
- Management Roles
- Query Based Collections
- Person Direct
- Entitlement Reporting and Tracing
- Lab: Assigning Group Memberships
Dynamic Hierarchy
- Dynamic Hierarchy Group Policies
- Dynamic Hierarchy Management Role Policies
- Lab: Create Dynamic Hierarchy Policy - Groups
- Lab: Create Dynamic Hierarchy Policy - Management Roles
Self Service Access Management
- Resource Eligibility
- Shopping for Resources
- Managing Access
- Lab: Configuring Resources for IAM Shop
- Lab: Shopping for Resources
No-Code Workflows
- Overview
- Events and Event Processing – Scoping
- No-Code Flow Definitions, Scope Types
- Lab: Configure No-Code Flow Definition and Event Flow Policy
Approval Flow Policies
- Business Request Types
- Item Type Actions
- Approval Flow Steps
- Approval Flow Policies
- Lab: Create Approval Flow Policies
Access Request Policies
- Resource Assignments
- Time Constraining Access
- Approval Flow Policy Assignment
- Lab: Create Access Request Policies/Assign Resources
Resource Ownership and Management
- Resource Ownership
- Responsible Party
- Owners
- Deputies
- Managing Resources in Resource Management
- Groups
- Management Roles
- Applications
- Mailboxes
- People
- Legacy UI Resource Management
- Lab: Create, Manage Groups
- Lab: Create, Manage Management Roles
- Lab: Create, Manage Account/Person
RBAC Persona Configuration and Management
- RBAC Assignment Delegation/Hierarchy
- TRBAC Management
- Persona Role Bundling using TRBAC Roles
- Lab: Create Persona Delegations
MFA Configuration and Management
- Configuring and Managing MFA Methods
- Using MFA
- Lab: Configure and Use MFA for Login
Password Management
- Password Manager Policies
- Self-Service Password Reset Workflows and Processes
- Using MFA in the Password Management Processes
- Lab: Configure MFA Policy and Login using Passwordless Login
- Lab: Configure Password Manager Policy
- Lab: Configure and Use Self-Service Password Reset
Complex Authorization Management (PBAC)
- PBAC Overview
- Application Rights
- Application Roles
- PBAC Assignments
Application Management
- Overview - Application Types
- Managing Non-Azure Applications
- Managing Azure Applications
Risk Management
- Risk Management Overview/Concepts
- Creating/Managing Local Functions
- Creating/Managing Local Risks
- Creating/Managing Global Risks
- Creating/Managing Global Functions
- Creating/Managing Mitigation Controls
- Risk Reporting and Analysis
- Lab: Create/Configure Local/Global Functions
- Lab: Create/Configure Local/Global Risks
- Lab: Create SoD Policy
- Lab: IAM Shop Request/Risk Approval
Recertification
- Recertification Overview/Concepts
- Recertification Policies
- Audit Campaigns
- Recertification Tasks
- Lab: Create Recertification Policy
- Lab: Create Audit Campaign
- Lab: Approve and Process Recertification Tasks
Privileged Access Management
- PAM Overview/Concepts
- Credential Management
- PSM Configuration/Management
- PAM Access Request Policy Configuration
- Computer Management
- Lab: Configure Computer for Local Management
- Lab: Configure Computer Object for PSM
- Lab: Create/Configure Shared Credential
- Lab: Create/Configure Personal Credential
- Lab: Connect to PSM Session
- Lab: Checkout/Check in Vaulted Credential
Miscellaneous System Configuration
- Localized Text
- Workflow Parameters
- Email Notifications/Templates
- UI Actions
- Page Attributes
- Lab: Adjust Page Attributes for Person View and Account View
- Lab: Create UI Actions
- Lab: Set Workflow Parameters for Onboard Management Role Workflow