In this section, we look at the following:

  • SSO Application Dashboard – is attractive, easy to use, and responsive on any device. It provides high usability for all user functions including 1-click Adaptive Multifactor Authentication access and single company login.
  • Standards-Based Federation Server – supporting all major identity protocols means EmpowerID’s Cloud SSO and Identity Federation platform offers seamless recognition, minimal delays, and flawless, uninterrupted service.
  • Active Directory Integration – EmpowerID’s lightweight authentication utility and Microsoft’s own integrated Windows Authentication facilitates smooth authentication of Windows domain users.
  • Social Login – EmpowerID’s federation means that your users can login using their existing social media authentication methods, including Facebook, Twitter, LinkedIn, etc.
  • Integrate with Existing Systems – EmpowerID’s broad support for federation standards and huge library of connectors makes integrating with your existing systems easy.

Here is a short demo video of the end user SSO experience.

Watch a short demo video of the EmpowerID End User SSO experience:

SSO Application Dashboard

With a single set of credentials, and from any of their devices, users gain simple one-click access to all their applications in the Cloud and on-premise. Using existing credentials, users one click sign into their personalized web portal and access their assigned business apps
For your organization, simple, easy to use SSO is a first step in building trusted experiences for your workforce, your customers, and your partners.
EmpowerID’s policy-driven, adaptive Multifactor Authentication (MFA) ensures that only authorized users get access to sensitive data.
Our userfriendly self-service interface empowers users to claim their accounts, register for new accounts, and also use a simple click-to-authenticate process to access all on-premise and Cloud applications.
SSO, using Web Access Management (WAM) or password vaulting, is transparent to users, who only need to input one username and password at one screen for access to all their applications.

Standards-Based Federation Server

EmpowerID is a Cloud Single Sign-On and Identity Federation platform that supports all major identity protocols including OpenID Connect and SAML
EmpowerID’s Federation server acts as a flexible authentication hub designed to work with any Identity Provider (IdP) and easily connect users with SaaS and even homegrown applications.
It enables users to sign-in once in any trusted source, e.g. Active Directory, Google, Facebook, Office 365, etc., to gain access to all participating applications.
The EmpowerID Federation server also supports your mobile and microservice application developers with an integrated Security Token Service (STS) and OAuth Server.

Active Directory Integration

SSO to web applications is seamless for corporate users who have already been authenticated with their Windows domain.
Internal employees are automatically logged in to web applications based on their trusted Windows login. Partners can be provided with the same capability allowing them to use their own corporate credentials without requiring complicated federation connections.
EmpowerID provides a lightweight authentication utility that integrates with Active Directory and with no need to install EmpowerID on remote networks.

Social Login

EmpowerID allows users to login using their social media credentials from services such as Twitter, LinkedIn, Facebook, Google+, or almost any other social media provider. Implementing social login with EmpowerID is easy and provides frictionless sign-up and sign-in processes for customers and partners.

Integrate with Existing Systems

Many organizations already have an SSO infrastructure in place, so the ability to integrate with these systems is essential.
EmpowerID's broad support for federation standards makes it easy to integrate with existing SSO solutions such as Microsoft ADFS, Ping, Okta, OneLogin, and others.
The seamless integration allows users an uninterrupted SSO experience regardless of which identity they select for authentication or application to which they wish to login.

Web Access Management

EmpowerID’s Web Access Management (WAM) solution gives you a powerful tool to achieve SSO for applications that do not support federation. EmpowerID WAM supports non-federated SSO by intercepting and servicing end-user requests. This can be accomplished in two different ways. Agents that run on the Java and .NET application servers can intercept each request for a web resource, or you can use the EmpowerID Reverse Proxy, which stands in front of the web application and services end-user requests. In each case, requests are intercepted, and access is authorized by powerful EmpowerID policies for Role-Based and Attribute-Based authorization.

Policy-Based Access Control

EmpowerID uses a shared service to centralize the management of user authorization for customers, partners and employees across all web applications. EmpowerID’s advanced policy engine allows organizations great flexibility in defining a user’s access to corporate and cloud-hosted resources. Using flexible, role and attribute-based access control rules, this centralized authorization service greatly reduces development costs by allowing developers to focus on the application’s business logic instead of programming security policies into application code.

Identity Warehouse and Sync Services

EmpowerID is a complete platform that offers comprehensive Identity Warehouse, virtual directory, Role-Based Access Control and workflow automation services from a single codebase. EmpowerID’s Identity Warehouse is a multi-tenanted directory service that stores the relationship of a Person to the accounts they own, for both traditional identity management and single sign-on. The Identity Warehouse is a key component in any SSO solution architecture and enables organizations to house external identities without compromising internal AD security. External users can securely authenticate against the EmpowerID Identity Warehouse using single or multi-factor authentication, to gain controlled access to the applications you grant them. The Identity Warehouse provides full, self-service, delegated administration capabilities that allow end-users to manage their own passwords and identity associations. With additional modules and connectors, EmpowerID can provision users into almost any type of system or directory, all from a single console.

LDAP Virtual Directory

The EmpowerID Virtual Directory unifies all of the different directories in your organization into a single LDAP Directory access point. Many applications and operating systems support using an LDAP directory for centralized authentication and authorization, but most only support the use of a single directory. Since most enterprise architectures maintain separate directories for internal and external users, the EmpowerID virtual directory solves this integration challenge. A virtual directory also addresses the challenge of delegated authentication by allowing separate authentication paths for internal and external users. Internal users can authenticate directly against Active Directory, while external users can be authenticated by the EmpowerID Identity Warehouse, eliminating the need to synchronize passwords. The Virtual Directory also supports acting as the primary authentication directory for Linux and Mac OS devices.

Request more information or a demonstration

Single Sign-On for VPN

The integrated EmpowerID RADIUS Server provides RADIUS strong authentication to firewalls, network devices and VPN servers within your network infrastructure. EmpowerID verifies user credentials against the Identity Warehouse or against connected directories like Active Directory. EmpowerID SSO for VPN enforces strong authentication policies, by requiring multi-factor authentication.

Adaptive Multi-Factor Authentication

EmpowerID includes a powerful adaptive authentication engine that analyzes contextual information such as the IP address of the user, the device they are using, and other factors to dynamically asses the risk of each login. If a risk is identified, a strong second factor can be required to prove the user's identity. To ease user adoption, 24+ multi-factor authentication options are available, including device authentication, one-time passwords sent to mobile phones, Yubikey Universal 2nd Factor Authentication, Duo Push, knowledge-based authentication (Q&A), and an OATH token server for issuing one-time password tokens. Our wide range of options ensures that every user can perform a strong authentication with minimal hassle even from their mobile devices. Multi-factor authentication services can be used for all types of authentication, including web SSO, LDAP, and RADIUS.

Request more information or a demonstration

Learn more about other products