Managing External Identities

Today’s identity management extends beyond your corporate boundaries and it is more than employees and contractors – there is a diverse range of external identities that you have to manage. These partners, suppliers, customers and prospects need access to web applications, SharePoint and secure content. You need to know who they are and what they will be allowed to do. EmpowerID manages these identities in its Identity Warehouse with all of the RBAC, authorization, authentication, workflow and auditing that comes from a comprehensive Identity & Access Management platform.

Multi-Tenant Extranet Directory

EmpowerID’s Identity Warehouse is a multi-tenanted directory service that is a key component in any SSO solution architecture, enabling organizations to house external identities without compromising internal AD security. External users can securely authenticate against the EmpowerID Identity Warehouse using single or multi-factor authentication and gain access to only the applications you want to grant to them. Secure workflow-based self-service and delegated administration by each partner allows them to perform limited administration for only the identities in their tenancy. Rich self-service facilities include customer registration workflows to give external users the ability to self-provision with minimal rights and other workflows to approve additional access based on your business rules and processes. The Identity Warehouse and connected directories are exposed to applications as a single LDAP-compliant directory, making it ideal for use as an extranet directory.

SSO and Active Directory Integration

External users need access to your internal resources but don’t want to remember another username and password. EmpowerID provides a lightweight component to easily integrate customer Active Directories or their Federation services to provide a simple process for external users to log in to your internal applications. EmpowerID allows you to leverage a partner’s native corporate credentials to enable transparent access to your SaaS applications for their users.

Social Media Login

Not all users of your systems are corporate users, but providers and users still benefit from the ease of use and reduced access time that SSO provides, which in turn drives adoption. EmpowerID federates with Twitter, Facebook, or almost any other social media account, leveraging your users’ existing social media authentication. You can allow your own internal users to log in to your applications or extranet using social media credentials to which they have already authenticated.

SSO for Non-SAML Compliant Applications

Many popular SSO tools only address current generation SAML-compliant applications that work in federated SSO scenarios. EmpowerID extends SSO to non-SAML compliant applications with a variety of technology options including Web Access Management agents, a reverse proxy server, an integrated LDAP Virtual Directory Service, and a RADIUS server. This alone can mean the difference between making a project possible and delaying it by months or even years, while achieving savings that can run into the hundreds of thousands of dollars by avoiding the rewriting of legacy applications.

Role and Attribute-Based Delegation

Authorization is a critical concern, and many products focus only on authentication. EmpowerID’s comprehensive platform approach includes a robust, integrated Role-Based Access Control (RBAC) engine that gives you unlimited flexibility to manage the access of your external users. You can control access to internal resources and applications based on roles assigned to external users, ensuring that prospects, customers and suppliers each have the appropriate rights and access to what they need while being denied access to the resources they do not need.

Identity Platform for Application Developers

Software as a Service (SaaS) vendors and organizations that develop their own applications have full Identity and Access Management (IAM) needs, not just SSO. EmpowerID offers extensive API integration so that the IAM capabilities available from within EmpowerID’s user interfaces are also available to external application developers. Any EmpowerID IAM workflow can easily be triggered via the API using RESTful web services, SOAP, or WCF. The Identity Warehouse and connected directories are exposed to applications as a single LDAP-compliant directory, making it a rich authoritative source for applications. EmpowerID’s Web Access Management capabilities are available through reverse proxy or agent options, providing URL authorization without application modifications. EmpowerID is the most flexible and powerful IAM solution for all of the needs of a SaaS vendor.

