EmpowerID - Combining Intelligence with Web and SAML SSO

Posted by Chris Hayes on Wed, Apr 01, 2015

RBAC ABAC SSO resized 600

Everyone's heard of Single Sign On or SSO.  By helping your end users get through their day, it allows them to first validate their enterprise identity and then seamlessly get into all of their enterprise applications.

The ugly secret of the SSO landscape is the lack of any real access control.  If you need to provide access to an application like Salesforce you have to add them into an Active Directory group.  That is simply not something that scales and will instantly become an administrative burden.  Let's not even get into what happens when that person moves to a new department, are you really going and removing them from the groups they shouldn't have access to anymore?

EmpowerID has created the world's first integrated Role Based Access Control (RBAC) and SSO mechanism that allows you to assign resources like salesforce.com to a business role not a group.  This gives you unprecedented flexibility to assign resources to things like SharePoint, Salesforce or whatever the application is.

BusinessRole

With EmpowerID you can assign resources to specific roles, like the example above where bank tellers in will be part of different active director groups but they can all be assigned the "Teller Business Role" and as such be allowed to access common resources for that role.  We've made it simple for you as an administrator too, manage these rules right through the EmpowerID WebAdmin console like you see below.

Easily assign a resource to a role

Reach out and we can walk you through how to add intelligence into your SSO engine today.

Request a Demo

Tags: WS-Fed, RBAC, Federation, Access Governance, SSO

B2C Single Sign On & Identity Management That Wins Over Consumers

Posted by Bradford Mandell on Mon, Oct 20, 2014

                              describe the image

Organizations that manage successful brands know what their customers want from a website experience and are able to provide it.

Consumers want simpler processes.  

They want a quick, seamless authentication experience. 

They want to get to a site from any device that is handy at the time, whether it’s a pc, a tablet or a smartphone.

They have lots of choices and they are bombarded with lots of information. Your branding must be visible and the flow of your customer through your site must be smooth so they will have a positive experience, remember you and want to return.

And your security for their identity needs to protect them and you without being obtrusive.

Your prize, if you capture consumers with a well-designed web presence, is a solid foundation for  business growth, faster fulfilment of your clients’ needs, and substantially greater efficiencies that can  reduce costs and drive profitability.

And of course you are supposed to accommodate all that and keep to a modest IT budget… phew!  

Here’s what it’s going to take:

  • A highly scalable Single Sign On (SSO) and Identity and Access Management (IAM) platform – one that can take you where your ambition wants to go.  Your IAM infrastructure may need to manage millions of users and tens of thousands of logins an hour.
  • Flexible branding – the login process can’t be generic, it and related Single Sign On (SSO) pages need to be customizable to your themes.
  • Support for social media logins is a must if you want to simplify the user experience and entice the widest number of users possible.
  • Self-service password reset and challenge questions that allows consumers to quickly get back in to your site if they forget their username or their password.
  • 2nd factor authentication capabilities and even identity validation will be needed if you need to provide an extra level of protection for your data or resources.  You may want the ability to step up authorization when a user needs to access more sensitive information.
  • A flexible API is another core need – on that can be embedded into your existing applications to connect to common authentication, provisioning and authorization processes.
  • You will want a licensing model that scales from a modest user base to one that is still affordable if you exceed your best expectations.
  • And while many SSO platforms claim that you can easily entrust provisioning to another platform that they can connect to, that’s going to cost you more money to develop, to implement and to support. So you will want a platform that is capable of integrating all of your essential identity management tasks from the start.
  • There is a lot of other technical stuff that you are going to want, like compatibility with all the major standards (SAML, WS-Fed, OAuth), password vaulting and reverse proxy for those legacy apps that can’t make a standard federated connection, but that still need to talk to your federated environment (because throwing out everything you own to pave way for new standards isn’t always practical).

There is a solution that provides all of the above: EmpowerID. 

EmpowerID is an integrated and modular platform, built on a single codebase and driven by workflow with prebuilt one-to-many SSO and Identity Management scenarios with the needs of consumers in mind. 

EmpowerID’s visual workflow designer and adaptive HTML5 interfaces offer a vastly improved and simplified approach to traditional SSO and IAM challenges.  It can be stood up in just a few days or weeks depending on the customization desired, instead of the months that other applications take. 

Most importantly, EmpowerID supports a satisfying access experience for consumers and drives strong ROI with its secure, seamless and flexible identity processes.  

                                                   Request a Demo

Tags: WS-Fed, authentication, Identity Management, Federation, consumers, SAML, Single Sign-on, Password management, SSO, social media