EmpowerID Products and Solutions
Secure authentication is the work of requiring users to prove who they are before they receive access to a resource or application. Single Sign-On (SSO) technologies make it possible for users to securely authenticate into all of their applications after providing their username and password just once, reducing the cost and effort of managing multiple usernames and passwords. For organizations looking to cut costs, or to encourage adoption and improve traffic to their platforms, SSO is an essential technology.
The typical organization uses a very diverse range of applications – from modern Cloud applications like Office 365 that can support current federation protocols, to older legacy applications that cannot be made to leverage these standards. Many SSO products are limited to applications that support federation protocols, but this is not a practical approach for most organizations, where applications without federation support represent the majority of their applications.
EmpowerID solves the many challenges to successful single sign-on by offering the broadest range of SSO enabling technologies, including:
With a single company login, employees gain simple one-click access to all their cloud applications from their smartphones, tablets and computers. EmpowerID embraces Responsive Web Design to deliver a better user experience than every other competing application and platform. Built on HTML5 to handle the era of “Bring Your Own Device”, EmpowerID screens don’t just resize, they are reflowed to be attractive and to offer high usability on any platform on which they appear, whether a PDA, tablet, laptop or full-sized display. Users can claim accounts, register for accounts and have a simple click-to-authenticate to all on-premise and Cloud applications. Users don’t need to know whether you are federating, using Web Access Management or password vaulting; all they are required to know is just one username and password at one screen for access to all their federated applications.
The EmpowerID Federation server functions as an authentication hub, allowing users to sign in once with a user account in any trusted source (e.g. Active Directory, Azure Active Directory, Salesforce.com, Google, Facebook, Amazon, etc.) and then access participating applications without having to remember additional usernames and passwords. EmpowerID is a Cloud Single Sign-On and Identity Federation platform that supports all of the standard identity protocols – SAML, OpenID, WS-Trust, WS-Federation, and OAuth. The EmpowerID Federation server also includes a Security Token Service (STS) and an OAuth Server. The STS issues security tokens as defined in the WS-Security specification, enabling the propagation of identity and security context between web services. The OAuth Server supports issuing OAuth 2.0 tokens for mobile application and API security.
EmpowerID leverages Microsoft’s Integrated Windows Authentication to seamlessly authenticate users that are already authenticated with their Windows domain. EmpowerID provides a lightweight authentication utility that integrates Active Directory without the need for an installation of EmpowerID on remote networks. EmpowerID also provides full-feature Active Directory management and user provisioning services for organizations wanting to fully automate management of their corporate Active Directory.
EmpowerID provides federated single sign-on and role-based access control for Microsoft SharePoint. EmpowerID plugs into the claims-based authentication support in SharePoint to act as the Claims Provider in the SharePoint security model, controlling authentication and authorization. EmpowerID also inventories all SharePoint sites and groups, allowing centralized role and workflow-based access control with built-in access recertification and separation of duties enforcement.
Web Access Management (WAM) provides single sign-on and policy-based access control to web resources for applications that do not support Federation. EmpowerID’s WAM solution gives you a powerful tool to achieve SSO for non-federated web applications. EmpowerID WAM supports SSO either via agents that run on the Java and .NET application servers and intercept each request for a web resource, or via the EmpowerID Reverse Proxy, which stands in front of the web application and services end user requests. In each case, requests are intercepted and access is authorized by the powerful EmpowerID Role-Based and Attribute-Based authorization policies.
EmpowerID centralizes the management of user authorization for customers, partners and employees across all web applications through a shared service. EmpowerID’s advanced policy engine allows organizations to define a user’s access to a diverse set of corporate and cloud-hosted resources via flexible role and attribute-based access control rules. This centralized authorization service greatly reduces development costs by allowing developers to focus on the application’s business logic instead of programming security policies into application code.
Password vaulting provides a secure way to access those applications that don’t support a password-free single sign-on protocol like SAML. EmpowerID stores the passwords securely server-side and injects them into an application’s login page during sign-on. A common usage for password vaulting is Shared Credentials. EmpowerID enables users to securely share logins for applications that don’t natively support multiple users without having to disclose the password.
The integrated EmpowerID RADIUS Server provides RADIUS strong authentication to firewalls, network devices and VPN servers within your network infrastructure. EmpowerID verifies the credentials against the Identity Warehouse or connected directories like Active Directory and enforces strong authentication policies requiring multi-factor authentication.
Multi-factor authentication can be enabled as a requirement by policy, or users may opt in to increase their personal security. Multi-factor authentication options include device authentication, one-time passwords sent to mobile phones, knowledge-based authentication (Q&A), and a standards-compliant OATH server for issuing hardware or software one-time password tokens. Multi-factor authentication services are leveraged for all types of authentication, including web SSO, LDAP, and RADIUS, and can be enabled for adaptive authentication when users are accessing specific applications or other conditions are met.