Patrick Parker

Recent Posts

EmpowerID Named Overall Leader in IAM / IAG Suites

Posted by Patrick Parker on Thu, Feb 05, 2015

Rating graph

EmpowerID has been recognized as a three time leader in a recent KuppingerCole report evaluating Identity and Access Management (IAM) / Identity Access Governance (IAG) Product Suites.

The IAM/IAG Leadership Compass “focuses on complete IAM/IAG (Identity Access Management/Governance) suites that ideally cover all major areas of IAM/IAG as a fully integrated offering,” Martin Kuppinger wrote in the report.

KuppingerCole, a respected global analyst focused on Information Security, examined Identity and Access Management / Governance Suites for this report. They specifically evaluated products that are integrated solutions with a broader scope than single-purpose products. Martin Kuppinger concluded in the report, “With their Windows-based product they [EmpowerID] offer one of the best integrated IAM Suites. All components have been built by EmpowerID, allowing for tight integration into a well thought-out architecture. This integrated approach is a clear strength of EmpowerID."

To request an unabridged copy of the the KuppingerCole report on IAM/IAG Suites, please visit http://info.empowerid.com/download-the-free-kuppingercole-iam-suites-leadership-compass.

Tags: Role Based Access Control (RBAC), GRC, authentication, IAG, IAM, Group Management, Governance and Regulatory Compliance, Identity Management, Federation, User provisioning, Attestation, Separation of Duties, Identity and Access Management (IAM), Access Governance

SSO and Delegated Management Module for Office 365 Released

Posted by Patrick Parker on Fri, Sep 12, 2014

365 banner resized 600

Yesterday we announced the release of Office 365 Manager, a new module that enables organizations to extend their existing on-premise security and audit control model to the Microsoft Office 365 and Azure Active Directory Cloud. We have also released a new web site dedicated to information on Office 365 Manager. The new site is located at http://office365.empowerID.com.

We are seeing rapid adoption of Office 365 to reduce the cost of IT operations. Office 365, however, is presenting our customers with some security and management challenges because it offers only basic audit controls and a limited ability to delegate administrative tasks. Our new Office 365 Manager provides organizations with the first and only Identity and Access Management solution that applies existing security practices for on-premise Active Directory and Exchange to the management of Office 365 in the Cloud.

Office 365 Manager allows organizations to leverage the same secure delegation and flexible administration model that they use for their behind the firewall systems. It addresses a key shortcoming of Office 365 which runs on Azure Active Directory and lacks a hierarchical structure that forces the placement of all users, groups, mailboxes and contacts in a single location. By extending the existing structure of a customer’s on-premise Active Directory, LDAP, or HR system to Office 365, Office 365 Manager can securely delegate responsibilities by role, department, business unit and location.

With Office 365 Manager's Single Sign-On capabilities, your internal users can continue to use their existing Active Directory username and password when logging in to Outlook, OWA, Lync, and SharePoint after they have been migrated to the Office 365 cloud. External partners or customers can leverage Social Media logins, your own branded EmpowerID login, or even their remote corporate AD credentials.

Top 10 features and benefits of the new Office 365 Manager:

1.    Role-Based Delegated Administration to Reduce IT Staff Workload 
2.    Automated Provisioning and Sync for Better Productivity and Security 
3.    Dynamic Group Management for Improved Group Security 
4.    Single Sign-On for Ease of Use 
5.    Multi-Factor Authentication for Improved Access Security 
6.    Mobile Device Security (BYOD) To Properly Secure Mobile Device Access 
7.    Self-Service Password Management to Reduce Help Desk Workload 
8.    Shopping Cart Style Self-Service to Automate Request Fulfillment and Audit Tracking 
9.    Access Recertification and Audit Reporting For Better Access Governance 
10.     Mailbox and Folder Permission Audit, Management, and Self-Service for Improved Productivity and Governance

 

                                               Secure  Office 365  Today!

Tags: Single Sign-on (SSO), Role Based Access Control (RBAC), User provisioning, Office 365

What is federation? And how is it different from SSO?

Posted by Patrick Parker on Fri, Jun 08, 2012

what is federationWhile having a discussion with a partner this week, he pointed out that enterprise single sign-on and federation are being confused much less often these days.  That led me to asking a few people what the difference is and finding that there is still confusion about the two.

So what is federation?  And how is it different from Single Sign-on (SSO)?

SSO is an umbrella term for any time a user can login to multiple applications while only authenticating once.  It covers both federation and password vaulting which is more commonly known as “Enterprise SSO”.  The main difference is that federation eliminates the requirement to use and remember passwords and Enterprise SSO doesn’t.

Federation allows single sign-on (SSO) without passwords – the federation server knows the username for a Person in each application and presents that application with a token that says, " this Person is domain\johndoe or johndoe@example.com".  No password is required for the user to login to each system.  Because of the trust between the two systems, the target application accepts this token and authenticates the user.

The federation server passes that token using one of the standard identity protocols: SAML, OpenID, WS-Trust, WS-Federation and OAuth.  The benefit to federation is security and authentication into both on premise and cloud applications.

Enterprise SSO is when the applications all still require that a password be sent to login, but the software handles storing it and automatically retrieving it for the user and inputting it into the application for an automatic login. The user still has a password for each system that must be provided to login, must be changed on a regular basis, etc. 

I like analogies; in my mind, Identity federation is like an amusement park.  With Enterprise SSO (ESSO), you get into the amusement park but still need a ticket for each ride (think Santa Cruz Beach Boardwalk).  With federation, you get into the amusement park but have a wristband that every ride operator recognizes and lets you on (think Disneyland).  Feel free to use this one.

Even understanding this distinction, there are a lot of different implementation scenarios depending on whether you are initially authenticating on network or in the cloud, whether you are signing in to cloud or on-premise apps, or whether you want to manage Identity as a Service (IDaaS).  Download our whitepaper on the Top 5 Federated Single Sign-on Scenarios to see which one best fits your requirements.

Click me

Tags: Single Sign-on (SSO)