EmpowerID Products and Solutions
- Learning Center
Welcome to the Learning Center
The EmpowerID platform includes a standards-based Federation Server that supports the SAML, WS-Federation, and OAuth protocols for achieving single sign-on. In a federated security model, applications dubbed “Service Providers” (SP) rely on trusted Identity Providers (IdP) or Security Token Service (STS) for authentication. This separation of authentication from the applications themselves allows for greater flexibility to support users logging into applications with a single username and password as long as it is from a trusted Identity Provider.
EmpowerID acts as both a Service Provider and an Identity Provider. When operating as a Service Provider, EmpowerID supports authentication from any trusted Identity Provider. When operating as an Identity Provider it functions as an authentication hub, allowing federation trusts to be established with all major Identity Providers using industry-standard protocols like SAML, WS-Federation, and OAuth. This trust relationship simplifies the creation and maintenance of federation trusts as an organization must only configure their applications to trust one Identity Provider, EmpowerID. EmpowerID then acts as a powerful authentication hub allowing users to sign-in with a login from any trusted system (e.g. Active Directory, Google, Facebook, Windows Live, etc.) while adding on more stringent security controls such as enforcing device registration and second-factor authentication.
A unique feature of the EmpowerID Federation platform is its extensive programmability. EmpowerID Workflow Studio provides wizards and code editors for easily creating complex SAML and WS-Federation claims extensions that can be used by applications for authorization. As an example, EmpowerID claims extensions allow information from any enterprise system to be used for assigning role-based permissions with Microsoft SharePoint 2010/2013.