SharePoint Manager

Single Sign-On and Role-Based Access Control

EmpowerID SharePoint Manager provides federated single sign-on and role-based access control for Microsoft SharePoint. SharePoint Manager leverages the new claims-based authentication support in SharePoint 2010/2013 to allow EmpowerID to act as the Claims Provider or a Claims Augmentation Provider in the SharePoint security model.

When EmpowerID acts as a SharePoint Claims Provider, users are redirected to the EmpowerID federated login page when logging into SharePoint. As a federated single sign-on provider, EmpowerID acts as an authentication hub, allowing federation trusts to be established between EmpowerID and other major Identity Providers using industry-standard protocols like SAML, WS-Federation, and OAuth. Organizations can allow users to log in to SharePoint using their username and password from any trusted system such as Active Directory, Google, Facebook, Office 365, and Active Directory Azure, among others, while adding more stringent security controls such as enforcing device registration and second-factor authentication.

In addition to providing single sign-on, EmpowerID can serve as a “Claims Augmentation Provider” of role-based and fine-grained access control for SharePoint in situations where another system, such as Active Directory Federation Services, performs the user authentication. In either mode, EmpowerID becomes an extension of the authorization system inside SharePoint, determining who has access to which protected sites and content.

EmpowerID’s powerful hybrid RBAC and ABAC model can be used directly inside SharePoint’s People Picker user interface to grant access to sites, lists, documents, etc. The People Picker allows end-users to search and select any EmpowerID security object such as People, Groups, Roles and dynamic collections just as they would normally search for users or groups. The EmpowerID RBAC system allows content owners and security administrators to use flexible and dynamically maintained role-based assignments when managing SharePoint permissions. The dynamic nature of these roles can dramatically reduce the administrative burden of manually setting security assignments and automates access granting and revocation based on changes in a user’s job status, function or location.

Key Benefits:

  • Saves time by automating assignment and revocation of user access permissions to SharePoint sites and content based on job status, job function, and location
  • Strengthens security by adding controls to the login process, including enforced device registration and second-factor authentication
  • Increases revenue opportunities by allowing partners and customers to quickly register and log in using their existing corporate or Social Media logins from sites like Google, Facebook, and Windows Live
  • Saves money by simplifying and unifying SharePoint permission administration with a single centralized management tool
  • Reduces risk and prevents privilege accumulation by linking SharePoint permissions to a user’s current job function and using Separation of Duties (SoD) policies to detect toxic permission combinations

Key Features:

  • Functions as a SharePoint Claims Provider (IdP) and Claims Augmentation Provider to enable Role-Based and fine-grained access control
  • Seamless integration into the SharePoint security model and user interfaces like the People Picker
  • Self-service workflows allow end-users to request access to sites, lists, document libraries, folders, and documents
  • Supports all of the standard federation protocols including SAML, WS-Federation, and OAuth
  • Automates granting and revoking SharePoint access as users change job duties or move between departments and locations within an organization
  • Supports a large number of Internet and Corporate Identity Providers including Active Directory, LDAP, Facebook, Twitter, Google, Yahoo, and others
  • Fully programmable, allowing the Workflow Studio to create custom Claims Extensions for generating on-demand fine-grained access control policies that are evaluated at login time
  • A single management console allows full management of SharePoint sites, lists, folders, and documents in the same interface for managing users, groups, Exchange mailboxes, etc.