However, the EmpowerID Application Gateway provides an easy answer by providing a clear, simple, and secure way forward for your legacy apps:
- SSO for Legacy Apps and Microservices The Application Gateway is a lightweight microservice designed to embed modern security into legacy apps and to help your organization with their Zero Trust strategy.
- Multifactor Authentication Not only does MFA provide multi-level security but, with over 20 types available, it can also be used in a way to transition users easily to the ‘new’ means of logging in and authenticating.
- Granular Access Policies EmpowerID employs Policy-Based Access Controls to determine who can and cannot access your applications, web pages, or other resources.
- Eliminate Costly On-Premise Middleware and Databases There are several disadvantages of using onpremise systems, but one of the main ones is cost. Switching to a cloud-based alternative can save a quite considerable amount.
- Support Common On-Premise Integration Patterns All-in-one upheaval is rarely a good idea or practice. An added advantage of the Application Gateway is the ease of transformation…
Watch a short demo video of how EmpowerID’s Application Gateway determines…
SSO for Legacy Apps and Microservices
The Application Gateway is a lightweight microservice that secures per application access to your on-premise, cloud, and hybrid applications without a VPN. The gateway embeds modern security into traditional web apps and plays a key role in your organization's Zero Trust strategy
It also enables SSO for non-federated APIs and web applications by intercepting and servicing end-user requests with Federated OpenID Connect authentication. Organizations can deploy the Application Gateway centrally or distributed along-side applications and microservices.
Multifactor Authentication
With the Application Gateway, your organization can deploy and use adaptive multifactor (MFA) authentication and intelligent security from the cloud. Though modernized with federated SSO, the Application Gateway can also activate EmpowerID’s Multifactor Authentication and be used with older legacy applications.
Users are reluctant to change. However, you can overcome initial scepticism and then enhance continued use of MFA by implementing the specific options you need.
EmpowerID has over 20 MFA options to choose from, which will ensure a resistance-free transition to this new system. MFA options include One-time Passwords (OTP), FIDO/Yubikey tokens, 3rd parties such as DUO, as well as the EmpowerID Mobile phone app where users can get their login approved with a single click.
Furthermore, the Application Gateway is fully customizable and flexible, and your organization can specify application-specific policies that define the conditions and triggers for step-up or multifactor authentication.
Granular Access Policies
Real-time Policy-Based Access Controls (PBAC) are defined and enforced by the Application Gateway to determine who may or may not access applications or portions thereof.
PBAC policies are extremely powerful and flexible. To determine access, they leverage a combination of user roles and access assignments with attribute-based access control rules.
These attribute-based access control rules are based on attributes and contextual information about the user’s location, device, and risk score.
Together, these are calculated in real-time and a result given. This result is then compared with your access policy rules. The Application Gateway API will then allow or deny access to the API, web page, or resources, as appropriate.
One final and significant advantage of PBAC policies is that they require no coding and are easy to assign and administer by business and IT users.
Eliminate Costly On-Premise Middleware and Databases
The EmpowerID Application Gateway is a lightweight Cloud-focused alternative to your bulky legacy Web Access Management (WAM) solutions. Replacing them can easily reduce between 60% and 80% of your operational, identity infrastructure, and associated maintenance costs (Cser & Maxim, 2015, p. 7)
Support Common On-Premise Integration Patterns
Traditional on-premise applications were designed to support SSO using pre-federation technologies. However, the Application Gateway eases both transformation and integration by enabling already supported authentication patterns such as Kerberos, Integrated Windows Authentication, and Header-Based authentication.
(Note: even new microservices are often designed to rely on simple Header-Based authentication rather than complex federation logic.)