Single Sign-On
A Swiss Army Knife Approach to Cover Modern and Legacy Applications
SSO Application Dashboard

With a single company login, employees gain simple one-click access to their cloud applications from all their devices. EmpowerID embraces Responsive Web Design to deliver a better user experience than other applications or platforms. Built on HTML5 to support devices of all kinds, EmpowerID screens don’t just resize, they are “reflowed” to be attractive and offer high usability on any platform with any sized display. Users can claim accounts, register for accounts and use a simple click-to-authenticate process to access all on-premise and Cloud applications. Federating, using Web Access Management or password vaulting are transparent to users, who only need to input one username and password at one screen for access to all their federated applications.
Request more information or a demonstration ›

Standards-Based Federation Server
EmpowerID is a Cloud Single Sign-On and Identity Federation platform that supports all of the standard identity protocols – SAML, WS-Trust, WS-Federation, and OAuth. The EmpowerID Federation server functions as an authentication hub. It allows users to sign-in once in any trusted source (Active Directory, Google, Facebook, Windows Live, etc.) to gain access to all participating applications. The EmpowerID Federation server also includes a Security Token Service (STS) and an OAuth Server. The STS issues security tokens as defined in the WS-Security specification, to enable the propagation of identity and security context between web services. The OAuth Server supports issuing OAuth 2.0 tokens for mobile application and API security.
Request more information or a demonstration ›
Browser Extension Password Vaulting
Password vaulting provides a secure way to access applications that don’t support a password-free single sign-on protocol like SAML. EmpowerID stores passwords securely on the server-side and injects them into an application’s login page during sign-on. One common usage for password vaulting is with Shared Credentials for applications that only support a single user, EmpowerID enables users to securely share logins, so multiple users can access a single account without having to disclose passwords.
Request more information or a demonstration ›
Active Directory Integration
EmpowerID can seamlessly authenticate users who have already been authenticated with their Windows domain. Using Microsoft’s integrated Windows Authentication, EmpowerID provides a lightweight authentication utility that integrates Active Directory with no need to install EmpowerID on remote networks. EmpowerID also provides full-feature Active Directory management and user provisioning services, for organizations that want to fully automate management of their corporate Active Directory.
Request more information or a demonstration ›
SharePoint SSO and Access Management
EmpowerID provides federated single sign-on and role-based access control for Microsoft SharePoint. EmpowerID plugs into the claims-based authentication support in SharePoint and acts as the Claims Provider in the SharePoint security model to control authentication and authorization. EmpowerID also inventories all SharePoint sites and groups, which allows centralized role and workflow-based access control. EmpowerID enables built-in access recertification and the enforcement of separation of duties policies.
Request more information or a demonstration ›
Social Media Login

SSO enhances ease of use and reduces access time for users, which in turn drives adoption. EmpowerID federates with Twitter, Facebook, or almost any other social media account, leveraging your users’ existing social media authentication. You can also allow your own internal users to log in to your applications or extranet using their authenticated social media credentials.
Request more information or a demonstration ›

Web Access Management
EmpowerID’s Web Access Management (WAM) solution gives you a powerful tool to achieve SSO for applications that do not support Federation. EmpowerID WAM supports non-federated SSO by intercepting and servicing end-user requests. This can be accomplished in two different ways. Agents that run on the Java and .NET application servers can intercept each request for a web resource, or you can use the EmpowerID Reverse Proxy, which stands in front of the web application and services end user requests. In each case, requests are intercepted and access is authorized by powerful EmpowerID policies for Role-Based and Attribute-Based authorization.
Request more information or a demonstration ›
Policy-Based Access Control

EmpowerID uses a shared service to centralize the management of user authorization for customers, partners and employees across all web applications. EmpowerID’s advanced policy engine allows organizations great flexibility in defining a user’s access to corporate and cloud-hosted resources. Using flexible, role and attribute-based access control rules, this centralized authorization service greatly reduces development costs by allowing developers to focus on the application’s business logic instead of programming security policies into application code.
Request more information or a demonstration ›

Identity Warehouse and Sync Services
EmpowerID is a complete platform that offers comprehensive Identity Warehouse, virtual directory, Role-Based Access Control and workflow automation services from a single codebase. EmpowerID’s Identity Warehouse is a multi-tenanted directory service that stores the relationship of a Person to the accounts they own, for both traditional identity management and single sign-on. The Identity Warehouse is a key component in any SSO solution architecture and enables organizations to house external identities without compromising internal AD security. External users can securely authenticate against the EmpowerID Identity Warehouse using single or multi-factor authentication, to gain controlled access to the applications you grant them. The Identity Warehouse provides full, self-service, delegated administration capabilities that allow end users to manage their own passwords and identity associations. With additional modules and connectors, EmpowerID can provision users into almost any type of system or directory, all from a single console.
Request more information or a demonstration ›
LDAP Virtual Directory

The EmpowerID Virtual Directory unifies all of the different directories in your organization into a single LDAP Directory access point. Many applications and operating systems support using an LDAP directory for centralized authentication and authorization, but most only support the use of a single directory. Since most enterprise architectures maintain separate directories for internal and external users, the EmpowerID virtual directory solves this integration challenge. A virtual directory also addresses the challenge of delegated authentication by allowing separate authentication paths for internal and external users. Internal users can authenticate directly against Active Directory, while external users can be authenticated by the EmpowerID Identity Warehouse, eliminating the need to synchronize passwords. The Virtual Directory also supports acting as the primary authentication directory for Linux and Mac OS devices.
Request more information or a demonstration ›

Single Sign-On for VPN

The integrated EmpowerID RADIUS Server provides RADIUS strong authentication to firewalls, network devices and VPN servers within your network infrastructure. EmpowerID verifies user credentials against the Identity Warehouse or against connected directories like Active Directory. EmpowerID SSO for VPN enforces strong authentication policies, by requiring multi-factor authentication.
Request more information or a demonstration ›

Adaptive Multi-Factor Authentication
EmpowerID includes a powerful adaptive authentication engine that analyzes contextual information such as the IP address of the user, the device they are using, and other factors to dynamically asses the risk of each login. If a risk is identified, a strong second factor can be required to prove the user's identity. To ease user adoption, 24+ multi-factor authentication options are available, including device authentication, one-time passwords sent to mobile phones, Yubikey Universal 2nd Factor Authentication, Duo Push, knowledge-based authentication (Q&A), and an OATH token server for issuing one-time password tokens. Our wide range of options ensures that every user can perform a strong authentication with minimal hassle even from their mobile devices. Multi-factor authentication services can be used for all types of authentication, including web SSO, LDAP, and RADIUS.
Request more information or a demonstration ›