aAPS algacom Account Provisioning System


 Simple web interface, data integrity checks and customizable policies allow account administration without specific skills

 Account provisioning against Active Directory / Exchange 20xx, and flat files

Large companies typically need to maintain accounts in distributed and heterogeneous environments. Different systems are operated in different locations. In these environments aAPS guarantees that:

 Accounts may be managed by registration desks using a consistent and user friendly interface

 Centralized account management provides de-centralized provisioning

 Accounts are created according to specific company policies

 Orphaned accounts without well-known owners may be identified at any time

 E-mail addresses and usernames always remain unique.

 Every single action performed on the accounts is tracked for auditing

aAPS is composed of different stand-alone modules, based on the user management module.

 Multiple distributed registration desks maintain their groups of users

 Rights and roles definable per registration desk

 Inconsistency checks report orphaned accounts and increase system security

 History reports document all committed actions

aAPS Architecture

aAPS is built with Microsoft technology. A three tier architecture is used:

 The presentation layer generates the HTML code which is sent to the account administrator’s browser - IIS 6.0 or higher is used as a web server

 The business layer, provided by a set of configurations, makes sure that all required policies are followed and that only allowed operations are performed.

 The data layer incorporates SQL Server 2005 and a data model optimized for account management.

The data model requires a subject entry to be associated with each account entry. The subject entry typically stores a person’s base attributes (name, location, a.o.). Once a subject is registered, several accounts may be assigned. The aAPS™ provisioning agents make sure that the account information is delivered to the target system.

[Figure: aAPS architecture diagram. Labels: HR Source, HR Systems, aAPS PowerShell, Registration Desks, aAPS administrators; aAPS on MS Windows 2012 Server with MS IIS WebServer (Web Interface) and MS SQL Server 2012 Database; Interfaces; Target Systems: Active Directory, Exchange, Lotus DOMINO.]

aAPS Portal

The aAPS product is a customizable, harmonized and easy to use web portal. It offers several applications which help you manage the accounts and enforce corporate account standards.

A set of plug-ins and XML-based configuration makes the aAPS product very flexible: the layout is configurable, and new fields, rules and validation can be defined to meet customer needs.

It implements the presentation layer (web interface), the business layer (logic, security, configuration interface) and the data layer (data model, database independent - SQL Server 2005 out of the box).

 The Web GUI allows user friendly administration

 Intelligent list boxes consider appropriate values and user rights

 Configurable search fields, field positions and labels

 The PowerShell Scripting Interface allows massive operation

aAPS Base

The aAPS Base handles Active Directory and Exchange management out of the box. The integration of additional platform systems is easy to achieve.

The web interface allows configurable pages to match the customer requirements and needs (adding new fields, modifying the layout and the position of the fields, adding/updating the business rules validation, hiding unused fields...).

The changes are effective without any restart of the application.

 Configurable support for mailbox size management

 Native support for e-mail address aliases

aAPS Provisioning Agent

The provisioning agents deliver the required account information to the target systems. If a subject is associated with an account or if an existing account is modified, the information required on the target system is written into an event table. The multi-threaded provisioning agents read the events table and perform the appropriate action on the target system. There must be one provisioning agent instance per target system (Active Directory Forest, Exchange 200x Organization, DOMINO Domain, a.o.).

Dynamic plug-ins can be used for specific provisioning tasks (creation of home directory ...).

aAPS Group Management

The aAPS Group Management includes built-in functionality for Active Directory security groups, e-mail distribution lists (DOMINO, Exchange) and Dynamic Groups.

Custom validation rules and naming convention enforcement may be applied.

aAPS History

The History tracking is fully integrated into the base technology. aAPS takes care of every single modification occurring on any managed data. A web interface is provided to view the complete audit trail.

aAPS Custom Tasks

aAPS is built to allow additional tasks to be set up and integrated into aAPS without complex effort thanks to the aAPS API.

aAPS Data Feeder

The aAPS Data Feeder is a dynamic and flexible scripting interface. Pre-defined PowerShell commands may be used to perform massive creations or modifications.

In addition, an HR Feeder is available, which allows synchronization of managed data between an HR source and the aAPS database. The field mapping rules can easily be defined using an XML configuration file. Field authority rules may be defined in order to prevent modification of HR data by aAPS administrators.

aAPS Helpdesk

The aAPS Helpdesk allows the aAPS administrator with sufficient rights to reset passwords and unlock user accounts.

aAPS Self Service

The aAPS Self Service allows end users to update their own information such as telephone number and postal address, but also to unlock their account or reset their password. A sequence of custom questions is asked in order to identify the user.

aAPS System Requirements

aAPS Portal

 2 processors (recommended.)

 4 GB RAM (min.)

 Windows 2012 Server R2

 Microsoft SQL Server 2012

 Microsoft Internet Information Server 7.0/8.0

aAPS Provisioning Agent

 2 processors (recommended.)

 1 GB RAM (min.)

 Windows 2008/2012 Server R2

aAPS Licensing

An aAPS licensing fee is applied for every active account and charged on a yearly basis.

There is no one-time licensing cost.

The unit cost is driven by two parameters:

 Initial Contract duration

 Number of active accounts.
