Single sign-on does not have a magic bullet; instead, it requires a Swiss Army knife, meaning many different ways to get users authenticated into an application using only one set of credentials. A German partner of ours calls this an eierlegende Wollmilchsau, based on one of our customers describing everything that EmpowerID can do.
This ability to perform multiple methods of single sign-on, from federation to Web Access Management to password vaulting, gives an extraordinary ability to get users authenticated to almost ANY web application using either corporate or social credentials. EmpowerID lets you authenticate external or internal users and apply a role to them that gives them appropriate access to any resource (on premise or cloud) and, just as importantly, it does not force you to have AD credentials for the user.
This is where the comparison to Active Directory Federation Services (ADFS) comes in. Not all of your users should be in AD, and they are not always accessing WS-* or SAML applications. In addition, you need role-based access control (RBAC) to determine the level of access for the user. And you need two-factor authentication (TFA) for either highly privileged users or highly secure applications. ADFS is just too limited.
The list below illustrates some of the advantages that a true SSO/Federation/WAM application like EmpowerID has over ADFS:
- Directory neutral federation (AD, LDAP, SQL, CUSTOM, etc. etc.)
- Multifactor authentication (including Smartcard, OATH and identity proofing)
- Extensive list of out-of-box authentication providers (including AD, Username/Pwd, social credentials like Salesforce, Twitter etc. etc.)
- Powerful claims generation, transformation and issuing (leverage full power of C#, Web Services)
- Leverage RBAC and powerful Metadirectory to issue advanced claims (Business Role and Location, Management Roles, Set Groups etc. etc.)
- Enhanced security for sensitive data with advanced claims level encryption
- SSO for non-Microsoft applications
- Complete support for OAuth 2.0
- Complete support for SAML 2.0 SSO Web Profiles
- SSO Application Dashboard + powerful features like Persona etc. etc.
There is really no comparison to having a complete eierlegende Wollmilchsau, a Swiss Army knife SSO platform that can authenticate any of your users, using any credential, performing full RBAC, and connecting to any application on any network. ADFS just cannot compare.