A Full-Featured Suite of Tools

Click on any of the products listed below to learn more about GroupID and how it can help your organization.

GroupID from Imanami is the cornerstone in Identity and Access Management. Easy to install and maintain, GroupID empowers your organization with the tools needed to keep the right information to the right people…and the right time.

Automate

SmartGroups: Dynamically maintain distribution and security groups

A powerful, yet easy-to-use query designer allows active directory management to occur by setting a query just once. An actual group is created in AD and maintained by GroupID Automate. The query designer allows for extremely complex queries in a simple to understand format.

Flexible Dynasties: Create the most common groups in just a few clicks

Dynasties take the complexity out of the most common distribution and security groups. A Dynasty automatically creates groups based on the most common criteria (manager, department, location, etc.) for example, a location Dynasty will create lists for region, country, state, city and office location. The flexibility of Dynasties allows you to name the individual lists based on any field within Active Directory.

How does GroupID Automate do it?

Dynasties take the complexity out of the most common distribution and security groups. A Dynasty automatically creates groups based on the most common criteria (manager, department, location, etc.) for example, a location Dynasty will create lists for region, country, state, city and office location. The flexibility of Dynasties allows you to name the individual lists based on any field within Active Directory.

Imported source queries

When data is stored in sources that are outside of Active Directory, GroupID Automate can query those sources AND Active Directory. A Smartgroup query can contain multiple fields from sources outside of Active Directory, creating a very flexible robust system. The external data sources include CSV files, Text files, Microsoft SQL Server, Oracle, LDAP, SunONE iPlanet, and any ODBC compliant Data Source.

Group usage service

Need active directory management tools to manage your existing groups? Group Usage Service has now been integrated into GroupID Automate. Group Usage Service monitors when mail is sent to a group, and updates the timestamp on the group. Use GroupID Reports to view your unused groups. Take it to the next step and expire or delete the group in GroupID’s MMC.

Powershell extensibility

Everything that GroupID Automate does has an equivalent powershell command. This allows you to programmatically extend GroupID Automate into existing processes.

Transfer ownership wizard

Need to change the ownership of all the groups a user owns? No problem, the Transfer Ownership Wizard allows you to transfer ownership of all groups owned by one user to another, in one step. Simply enter and individual’s name into the field and the Wizard will locate all the groups they are in as well as all the groups they own. Simply select the specific groups that need to have a new owner assigned, pick the new owner(s) and automatically, the Transfer Ownership Wizard will make the changes for you!

Password expiration notification

Notify users via email that their password is about to expire. Using a simple wizard in the query designer, GroupID Automate will create a list of accounts with expiring passwords and send reminders to update.

Self-Service

Group management

GroupID is the industry’s most complete end to end group management solution. Manage a group from creation to its usage to expiration and on to deletion. Give your end users the ability to manage their groups with IT’s control.

Group lifecycle
Set an expiration policy on any and all groups. Group owner’s are notified before a group expires and is given the ability to renew them. Make sure a group is still useful for the business before allowing it to clutter up your GAL with an old unwanted group. Group lifecycle works on both AD security groups and Exchange distribution lists.

Manage your own groups

Group owners can manage the membership, lifecycle, and delivery restrictions on their groups. Add workflow to join groups, create restrictions on who can send to the group, and add/delete members.

Join & Leave groups

Users can opt in or opt out of groups depending on their security levels.

Multiple owners
Any amount of groups or users can manage a group. All owners receive the same rights. All owners receive workflow notifications. Have an assistant manage your group or delegate it to your favorite employee!

Workflow on group creation
Allow users to create groups but give IT or their manager a chance to approve what they’re doing. Enforce naming conventions or security levels.

Enforcable naming conventions
Force a prefix (or even create a drop down list) onto all group names to standardize your GAL or distinguish groups in different departments.

Group security settings
Private: nobody can join
Semi-private: the owner has to approve the new member
Semi-public: the owner is notified that there is a new member
Public: anybody can join

Delegated user attribute management

Allow end users to manage their own attributes, change passwords, and manage workflow requests through a customizable web interface into Active Directory.

Complete customization
GroupID Self Service allows you to set any fields to view, edit, or hide depending on a highly customizable set of roles. Allow only the users you want to manage attributes to manage them.


Notification & workflow

Create workflow on any attribute changes with approvals going to managers, HR, help desk or admins. Very customizable and powerful workflow gives IT confidence in delegating.
Bad Word Filter

Apply a customizable list of bad words onto any attribute on any object to keep users from polluting the GAL with objectionable wording.
Administrator Control
Reset password

Allow end users to reset their own password.

SharePoint integration

Use Active Directory Security Groups to control access to resources in SharePoint. In many cases, SharePoint groups are redundant to existing Active Directory Security Groups, so why duplicate the management of permissions? Most IT AD administrators however would rather not delegate control to SharePoint Administrators or give access to the directory using Microsoft Windows Server administrative tools such as ADUC (Active Directory Users and Computers) or ADAC (Active Directory Administrative Center). Instead, they can safely delegate access to security group management in Active Directory with GroupID Self Service’s friendly web-based portal. SharePoint administrators may also extend the portal with native integration by adding a button in the ribbon. Read more in the blog: A better way to manage AD or SharePoint group permissions.

Phonebook access

A common use for GroupID Self Service is that of a web-based directory based on the content of your Active Directory. Easily deployable as an intranet solution for your organization, the “Phonebook” role of Self Service allows users to search and list content of users and contacts in the directory but not allow modifications.

Dynamic schema detection

Attributes in your Active Directory are exposed in the GroupID Self Service portal. Choosing which attributes to display or allow to be modified is configurable. If you have extended the schema through common methods such as that which is extended by Microsoft with the deployment of Exchange or through a custom schema extension, these attributes can be exposed for use within the GroupID Self Service portal.

Cross forest support

GroupID Self Service is designed to work in many disparate environments and includes built-in support for organizations with a cross-forest configuration. Administrators can delegate control over groups and users in environments where there are forests with established trust relationships.

Synchronize

All new console

The GroupID Synchronize Console gives you a bird’s eye view of all your GroupID Synchronize jobs including information on when they will run, when they last run, how many objects were updated, created, deleted or unchanged. Through the console you can manage your existing jobs, create new jobs, delete jobs, even preview changes a job would make to the target directory.

Scripting

Scripting provides a means to extending the built-in functionality of GroupID Synchronize to meet your business logic needs. Use script transforms to combine or format fields, create user names by formula, code translations from one encoding to another, or to create a descriptive text. Script can even be used to route new users/contacts to the appropriate container.

In GroupID Synchronize, scripting capabilities have been expanded to provide more scriptable events. This means you can write script that executes only when an object is updated, or deleted, or even just before it is created. You can use these events to write script that perform other functions, like sending an email notification to a manager when a new user is created, or enabling an Active Directory User account for use with Live Communications Server. Combine this ability with the new PowerTools feature in GroupID Synchronize and the possibilities are endless!

Preview changes

See what will happen before it happens using GroupID Synchronize’s new Preview feature.

The Preview function runs the job but without modifying the destination. It then displays a summary of how many records would be updated, unchanged, created, deleted, or error out. You can even drill down to find out the before and after values of the modified objects.

Once you are satisfied with the results, click Run to commit your changes to the destination.

Multiple Data Source Support
Support for several data sources including:

  • Microsoft Access – New Source & Destination!
  • Sun ONE Directory Server / iPlanet (LDAP) – New Destination!
  • Oracle – New Destination!
  • Microsoft Active Directory with Exchange 2003/2000
  • Microsoft Exchange 5.5
  • Microsoft Excel
  • Text Files including CSV
  • Adacel View500 (LDAP)
  • Lotus Notes (LDAP)
  • Novell Directory Services (LDAP)
  • Microsoft SQL Server
  • Any LDAP Version 3.0 compliant data source
  • Any ODBC compliant data source

Email notification

Now you can receive an email notification when a job runs. The notification includes whether the job succeeded or not, how many records were changed and the log file as an attachment.

Job histories

See the history of the job over time. See how many objects were created, updated, unchanged, or deleted. A graphical view is also provided.

Power tools

Need to update multiple systems from one job? How about sending notification when a new user is created or deleted? GroupID Synchronize Power Tools are an add-in from Imanami Professional Services that allow you to extend the power of GroupID Synchronize almost infinitely. You define your business process – let GroupID Synchronize automate it.

Key features

Preview
See what would happen before it happens. GroupID Synchronize’s Preview Feature lets you see what would change when the job is run without making any changes in the target system. You can see what records would be updated, created, or deleted. You can even review the before and after values of the attributes.

Once you are satisfied with the results, click Run to commit the changes to the target system.

Scripting
Use script to create your own field transforms using Visual Basic .Net and GroupID Synchronize’s integrated Script Editor. In a similar manner, you can also write scripts to dynamically determine where to create new objects within Active Directory or Exchange.

Simple transforms
Not a scripter? No problem, GroupID Synchronize provides simple transforms for the most common tasks including:
Resolve – Used to set the manager or managedby attribute in Active Directory
Join – Concatenate multiple attributes into one, useful for creating a full name (First Last) or display name (Last, First)
Static – Used to specify a constant value, supports environmental variables too
Many more…

Of course, you can use a scripted transform to perform virtually any calculation on a field if the built-in transforms do not meet your business needs.

Manage jobs
The GroupID Synchronize Console gives you a bird’s eye view of all your GroupID Synchronize jobs including information on when they will run, when they last run, how many objects were updated, created, deleted or unchanged.

Through the console you can manage your existing jobs, create new jobs, delete jobs, even preview changes a job would make to the target directory.

Support for multiple data sources
GroupID Synchronize synchronizes virtually any data source with Exchange and Active Directory. With GroupID Synchronize, you can import users from other databases, LDAP sources or other email systems like Notes, into Exchange or Active Directory. Use GroupID Synchronize in migration or update projects to synchronize two Exchange organizations or separate forests.

Provisioning
Use GroupID Synchronize to provision your Active Directory users. When GroupID Synchronize detects a new person in HR that is not in Active Directory, it can create the user. It can even mail-enable the user (Exchange) or create a contact instead, useful when connecting a CRM solution to Active Directory.

Synchronize multi-valued attributes
GroupID Synchronize allows you to synchronize or create multi valued attributes. Define a delimiter in either the source or destination and keep those pesky multi valued attributes accurate at all times.

Map fields
Mapping fields from your source to the target system is easy. Just select the field in the source system in the drop down box. You can transform the information by clicking the ellipsis (…).

Identity the relationship between the two systems by selecting the key field(s) – just check the checkbox.

If you are provisioning new accounts in the target system, you can select fields that are only populated when a new records is created by selecting the New only checkbox next to the field.

Configure notifications
GroupID Synchronize can notify you via email when a job runs. The notification includes whether the job succeeded or not, how many records were changed and the log file as an attachment.

Key benefits

Simple to deploy: No requirement for additional hardware
GroupID Synchronize installs on almost any Windows machine without the need for additional databases or requiring specially trained administrators.

Reliable: Uses Microsoft Windows installer technology
GroupID Synchronize can easily be deployed using Microsoft Windows Installer features, such as advertisement and silent install.

Built with Microsoft .NET
.NET provides simple management platform for all .NET applications. This means you can configure GroupID Synchronize using the Microsoft .NET Configuration Wizards.

Easy to Use: Intuitive job wizard
Spend more time learning about the data in your organization and less time learning the solution. GroupID Synchronize is easy to use. The job wizard automatically detects the schema of the systems you are connecting and maps fields accordingly.

Context-sensitive help
Press F1 anywhere in GroupID Synchronize for immediate assistance on the function you are using.

Built-in scheduling
“Set it and forget it.” Create a GroupID Synchronize job and update your directory on regular schedule.

Password Center

Easy to install

GroupID PasswordCenter is designed to be easy on the infrastructure. Installation and configuration can be done in less than a day and much of the configuration is shared with other GroupID modules. Once configured, enrollment notifications and group policy (GPO) is automated and encourages 100% participation.

Integrated with GroupID Self Service

Your users are already going to Self Service to manage their Active Directory identity information and groups; while there, they can manage their profile questions. This way you can be sure they will remember them once enrolled.

From an administrator point of view, your Self Service and PasswordCenter configurations are all in the same intuitive MMC interface.

No more help desk calls!

Over a third of help desk calls are forgotten passwords and locked out accounts. That is expensive. Reduce those calls by giving your users the tools to help themselves.

Password policy more stringent than Active Directory

This doesn’t have to be turned on, but you have the ability to enforce a stricter password complexity policy than Active Directory itself offers. The problem with complex passwords is that users forget them, but that isn’t a problem anymore, you have PasswordCenter! Your users can just reset them!

Multiple identity stores

Many of our clients want stricter question formats for highly privileged users or for executives with confidential access. This is easy to accomplish with multiple identity stores configurable by OU or domain.

Flexible question format

No one size fits all. When configuring your authentication questions, you have multiple options on how many questions to ask, types of answers, case sensitivity and more.

Client software or web access

Client software is distributed by group policy to all machines to enable the forgotten password link on the login screen. This allows users who forget their passwords or are locked out to easily solve this from their machine. There is also an option for web access to allow users to reset their passwords through a simple web page.

Multiple authentication options

Not all users will enroll right away but you want to stop the help desk calls immediately. You can turn on another authentication option (one time only if you wish) to authenticate them against a private attribute in Active Directory (SSN, employee ID or possibly something confidential in some other attribute).

Enrollment notifications

Self service password reset is useless if users don’t enroll so Password Center provides many options for notifying and harassing users until they enroll. Helpful reports are available upon login to the admin console to see just how well your users are doing. If you don’t like the looks of the report, send out a manual notification blast to all non-enrolled users on top of the automated reminders that you configure.