EmpowerID Products and Solutions
- Learning Center
Welcome to the Learning Center
The vast array of mobile computing devices available to users has presented a unique challenge to system managers: how to encourage productivity from any location and from any number of possible devices and platforms, while presenting a consistent user experience that doesn’t compromise security. EmpowerID brings it all together with a new HTML5 “Responsive Web Design” UI that creates a highly readable format for different size devices, rather than just shrinking or enlarging the same screens, while offering the same levels of functionality and security that are available to fixed platforms.
EmpowerID allows you to enable, link, track, manage and disable multiple devices by user, while delivering consistent role-based access to applications from multiple platforms. Organizations are able to regain control over mobile access with EmpowerID’s ability to enforce the same access, compliance and governance policies across all enrolled user devices. EmpowerID offers flexible support for multi-factor authentication to ensure that a user is positively identified and that secure access to corporate resources is maintained with any device being used for access.
EmpowerID offers the only mobile client for Identity and Access Management that does not limit the user’s experience to a subset of functionality. EmpowerID opens up the full range of workflows and self-service features available to EmpowerID desktop users to users on mobile phones and tablets. EmpowerID achieves this by embracing Responsive Web Design to deliver a better user experience than every other competing application and platform. Built on HTML5 to handle the era of “Bring Your Own Device”, EmpowerID screens don’t just resize, they are reflowed to be attractive and to offer high usability on any platform on which they appear, whether a PDA, tablet, laptop, or full-sized display. Users can run hundreds of Identity Management and Self-service workflows to request access to applications, groups, file shares and SharePoint sites; reset forgotten passwords; approve workflow tasks; and have a simple click-to-authenticate Single Sign-On to on-premise and Cloud applications.
Regardless of whether your mobile application users are leveraging an Active Directory login, an EmpowerID login, or a Social Media login, you maintain control with the ability to automatically disable a user and to revoke their associated OAuth tokens when they leave the organization. EmpowerID integrates with user information stores such as Active Directory and HR systems to automatically enable access when a user joins an organization and to revoke this access when they leave. Application access polices can be driven by Active Directory security groups, HR position information, and EmpowerID roles.
Extending identity beyond an organization’s walls and on to highly mobile devices requires additional capabilities to validate the identity of the user in conjunction with proof of their control of the mobile device. EmpowerID provides multi-factor authentication that can be required by flexible context aware policies or enabled when users opt in for increased security. Multi-factor authentication options include device authentication, one time passwords sent to mobile phones, knowledge-based authentication (Q&A), and a standards compliant OATH server for issuing hardware or software one time password tokens.
For mobile application developers, EmpowerID offers an extensive API supporting Single Sign-On, as well as the ability to programmatically access all of the IAM capabilities available from within EmpowerID, including: identity provisioning; password resets; application role-assignments; and attribute updates. These functions can be exposed in a variety of formats including RESTful, WCF, and SOAP web services. For mobile application authentication and authorization, EmpowerID includes both an OAuth server and a Security Token Service (STS). The OAuth server supports issuing OAuth 2.0 tokens and providing RBAC and ABAC-based authorization for RESTful APIs. The STS issues security tokens that are compliant with the WS-Security specification and propagates the identity and security context between web services.