EmpowerID Inserts Intelligence into 2013 SharePoint People Picker

Posted by Chris Hayes on Wed, Jun 24, 2015

EID SP

The SharePoint 2013 People Picker is the tool you use to find and select users, groups and claims to grant someone a permission to a site in SharePoint.  The SharePoint 2013 People Picker is heavily dependent on how authentication is configured for your site so you need to ensure your SAML or claim provider is intelligent.

Don't let this happen to you

All claim providers created equally!

Today the most common issue SharePoint administrators find with an authentication claim provider is that any name you type in the People Picker, SharePoint will accept.  Even worse, with a typical claims provider you can type nonsense and you will see two results, neither of them valid!

Not Valid

Credit:Kirk Evans Microsoft Blog

This is not because the SharePoint People Picker needs to be fixed, it's working as designed, it is a result of the claim provider.

The EmpowerID SharePoint Manager solves this problem, we have created the most intelligent claim provider in the market today.  In doing so we set out to do 4 things which will have a huge impact on the day to day operations of your SharePoint site.


1. Create the most intelligent claim provider in the world.  We didn't stop at providing intelligent responses to the query, we also segregate the data so that delegated administrators can only view results for data that they can see.  This is a very important point, if a business partner administrator wants to grant someone rights to a site the EmpowerID data filtering and masking is still maintained.

Screen Shot 06 24 15 at 10.18 AM

2. Provide SharePoint "web parts".  This is technology that allows users to find new sites and request access to it.  It also allows site administrators to approve site access, all directly within SharePoint.Screen Shot 06 24 15 at 10.09 AM
3. Fully support federated or claims based authentication into SharePoint.  Users can authenticate with EmpowerID, bring their own social identity or use another.

Screen Shot 06 24 15 at 10.03 AM


4. Answer the "Why" question.  Why does someone have access and when was it granted?  The other side a SharePoint claim provider is tracking these finer details.  EmpowerID includes full certification and attestation for SharePoint access, this provides your enterprise with a host of risk controls not previously available.

Screen Shot 06 24 15 at 10.25 AM

Want to know more?

Watch a previously recorded webinar that discusses these points here

click the button to request more information.

Request a Demo
EID SPFull resized 600


Tags: Single Sign-on (SSO), authentication, Governance and Regulatory Compliance, Federation, User provisioning, Data Governance, Attestation, consumers, SAML, SharePoint, Access Governance, SSO

Data breaches continue to grow in Healthcare sector

Posted by Chris Hayes on Tue, May 26, 2015

Internal employees continue to pose biggest risk in security breaches.

Screen Shot 05 26 15 at 10.13 AM resized 600

Latest Experian security forecast - Cost of breaches in the healthcare industry could reach $5.6 billion annually.

How will the next identity spill happen?  The latest Experian data breach industry forecast points to your employees being the biggest threat.  Stronger external authentication and tighter protocols continue to miss the mark.  Employee negligence will continue to be the leading cause of security incidents in 2015.

Experian goes on to state that Healthcare breaches will continue to grow this year.  With the huge challenge of securing such a significant amount of data, the problem becomes even more serious when organizations are faced with a shortage of internal expertise.  With the majority of breaches originating from inside company walls, the report clearly indicates business leaders need to fight the root cause of data breaches rather than buy the latest security widgets.

What are some steps that you can take in your organization to prevent the next identity spill?

Preforming regular certification/attestation of access – At any time you need to be able to snapshot the access granted to a resource by roles, locations and person accounts.  Security assignments should be automated, but access should be certified and routed to an appropriate authorized person for review.  This review should verify the access and certify if it is valid or not.  A tool like EmpowerID makes certifications easy for the organization with scheduled certification and attestation policies that can be run and audited.

Implement automated provisioning/deprovisioning – Role based or attribute based access needs to be automatically and immediately provisioned or deprovisioned.  When an employee’s role changes, the resultant set of access needs to be calculated instantly.  Some application and resource access will be taken away and some will be granted.  Absence of role based deprovisioning is a root cause of an employee having too much access.  EmpowerID takes provisioning to the next level by allowing you to provision and deprovision based upon roles in the organization.

Implement RBAC & ABAC controls - You need an RBAC/ABAC engine to continuously evaluate how much access someone should or shouldn't have.  EmpowerID uses a hybrid approach with RBAC and ABAC adding in rules and even Separation of Duties enforcement.

Control access to applications via a central identity provider - Having users log into apps with a separate username and password is a recipe for disaster.  An IdP allows you to centrally validate someone’s identity and then assert that identity into applications wherever they are.  The EmpowerID IdP allows employees to search for applications that are granted for their role, removes ones that are not granted and provides the SSO into the application.

Provide Self-Service password reset - Let's face it, this not only tightens up security, but saves a lot of money.  EmpowerID provides full detailed audit trails of anything account related such as who changed the password, who approved it and more.

Implement strong authentication, regardless of the application - There are a lot of ways to get into your network.  The VPN, the email server and SaaS applications are all exposed entries into the protected network.  Do they all have the same authentication capabilities?  You need an authentication service that supports all the protocols, not just those most used.  EmpowerID can step up authentication at any level for any service.  The VPN, the routers, the SaaS apps, SharePoint, it doesn't matter.

The bottom line is this, an ounce of prevention is better than a pound of cure.  According to Experian the average cost per lost record is just under $200 dollars, with average total impact cost to your organization just under $4 million.  Click through below and let us show you how easy it is to automate access and control privilege in your environment.

Request a Demo

Tags: GRC, authentication, IAG, IAM, Identity and Access Management (IAM), Access Governance

EmpowerID Named Overall Leader in IAM / IAG Suites

Posted by Patrick Parker on Thu, Feb 05, 2015

Rating graph

EmpowerID has been recognized as a three time leader in a recent KuppingerCole report evaluating Identity and Access Management (IAM) / Identity Access Governance (IAG) Product Suites.

The IAM/IAG Leadership Compass “focuses on complete IAM/IAG (Identity Access Management/Governance) suites that ideally cover all major areas of IAM/IAG as a fully integrated offering,” Martin Kuppinger wrote in the report.

KuppingerCole, a respected global analyst focused on Information Security, examined Identity and Access Management / Governance Suites for this report. They specifically evaluated products that are integrated solutions with a broader scope than single-purpose products. Martin Kuppinger concluded in the report, “With their Windows-based product they [EmpowerID] offer one of the best integrated IAM Suites. All components have been built by EmpowerID, allowing for tight integration into a well thought-out architecture. This integrated approach is a clear strength of EmpowerID."

To request an unabridged copy of the the KuppingerCole report on IAM/IAG Suites, please visit http://info.empowerid.com/download-the-free-kuppingercole-iam-suites-leadership-compass.

Tags: Role Based Access Control (RBAC), GRC, authentication, IAG, IAM, Group Management, Governance and Regulatory Compliance, Identity Management, Federation, User provisioning, Attestation, Separation of Duties, Identity and Access Management (IAM), Access Governance

B2C Single Sign On & Identity Management That Wins Over Consumers

Posted by Bradford Mandell on Mon, Oct 20, 2014

                              describe the image

Organizations that manage successful brands know what their customers want from a website experience and are able to provide it.

Consumers want simpler processes.  

They want a quick, seamless authentication experience. 

They want to get to a site from any device that is handy at the time, whether it’s a pc, a tablet or a smartphone.

They have lots of choices and they are bombarded with lots of information. Your branding must be visible and the flow of your customer through your site must be smooth so they will have a positive experience, remember you and want to return.

And your security for their identity needs to protect them and you without being obtrusive.

Your prize, if you capture consumers with a well-designed web presence, is a solid foundation for  business growth, faster fulfilment of your clients’ needs, and substantially greater efficiencies that can  reduce costs and drive profitability.

And of course you are supposed to accommodate all that and keep to a modest IT budget… phew!  

Here’s what it’s going to take:

  • A highly scalable Single Sign On (SSO) and Identity and Access Management (IAM) platform – one that can take you where your ambition wants to go.  Your IAM infrastructure may need to manage millions of users and tens of thousands of logins an hour.
  • Flexible branding – the login process can’t be generic, it and related Single Sign On (SSO) pages need to be customizable to your themes.
  • Support for social media logins is a must if you want to simplify the user experience and entice the widest number of users possible.
  • Self-service password reset and challenge questions that allows consumers to quickly get back in to your site if they forget their username or their password.
  • 2nd factor authentication capabilities and even identity validation will be needed if you need to provide an extra level of protection for your data or resources.  You may want the ability to step up authorization when a user needs to access more sensitive information.
  • A flexible API is another core need – on that can be embedded into your existing applications to connect to common authentication, provisioning and authorization processes.
  • You will want a licensing model that scales from a modest user base to one that is still affordable if you exceed your best expectations.
  • And while many SSO platforms claim that you can easily entrust provisioning to another platform that they can connect to, that’s going to cost you more money to develop, to implement and to support. So you will want a platform that is capable of integrating all of your essential identity management tasks from the start.
  • There is a lot of other technical stuff that you are going to want, like compatibility with all the major standards (SAML, WS-Fed, OAuth), password vaulting and reverse proxy for those legacy apps that can’t make a standard federated connection, but that still need to talk to your federated environment (because throwing out everything you own to pave way for new standards isn’t always practical).

There is a solution that provides all of the above: EmpowerID. 

EmpowerID is an integrated and modular platform, built on a single codebase and driven by workflow with prebuilt one-to-many SSO and Identity Management scenarios with the needs of consumers in mind. 

EmpowerID’s visual workflow designer and adaptive HTML5 interfaces offer a vastly improved and simplified approach to traditional SSO and IAM challenges.  It can be stood up in just a few days or weeks depending on the customization desired, instead of the months that other applications take. 

Most importantly, EmpowerID supports a satisfying access experience for consumers and drives strong ROI with its secure, seamless and flexible identity processes.  

                                                   Request a Demo

Tags: WS-Fed, authentication, Identity Management, Federation, consumers, SAML, Single Sign-on, Password management, SSO, social media