I have often said that to see EmpowerID is to love EmpowerID. The reason is that when clients are looking for Identity & Access Management (IAM) solutions they fall in love with the idea of a complete IAM platform, one built from scratch on a single codebase that allows for seamless integration of user provisioning and management, access governance, federation, and audit intelligence.
Having these pieces together and interoperable gives the ability to integrate workflows that marry authentication and authorization in one place. When provisioning a user account, you can create application accounts based on their role. You can force a second level authentication if a certain role is accessing a certain application. Separation of duties can be applied across multiple applications.
These actions aren't possible if your SSO solution is distinct from your provisioning solution which is different from your RBAC solution which is different from your audit solution. Even when purchased from a single vendor, these are often "frankenproducts" built from various acquisitions and mergers. If you don't have a single platform, you might as well have five or more.
EmpowerID puts all of these IAM capabilities in one platform. That is what allows you to check the user's role when authenticating; to create a workflow that does identity proofing when accessing secure resources; to offer attestation for group and role membership or application access. In short, to make identity management unobtrusive for a better user experience.
We had a call today with a gentleman who needed to provide access to twelve different web applications. His choice with other vendors was to have federated SSO with the applications or have an RBAC solution. With EmpowerID, he realized that he'd be able to have the two married AND add the user provisioning to all 12 applications based on the role of the user. A complete platform for his IAM needs.