The EmpowerID platform includes a standards-based Federation Server that supports the SAML, WS-Federation, OpenID, and OAuth protocols for achieving single sign-on. In a federated security model, applications dubbed “Service Providers” (SP) rely on a trusted Identity Provider (IdP) or Security Token Service (STS) for authentication. Separating authentication from the applications themselves gives greater flexibility: users can log in to applications with a single username and password, as long as it comes from a trusted Identity Provider.
EmpowerID acts as both a Service Provider and an Identity Provider. When operating as a Service Provider, EmpowerID supports authentication from any trusted Identity Provider. When operating as an Identity Provider, it functions as an authentication hub, allowing federation trusts to be established with all major Identity Providers using industry-standard protocols like SAML, WS-Federation, OpenID, and OAuth. This trust relationship simplifies the creation and maintenance of federation trusts, as an organization need only configure its applications to trust one Identity Provider, EmpowerID. EmpowerID then acts as a powerful authentication hub, allowing users to sign in with a login from any trusted system (e.g. Active Directory, Google, Facebook, Windows Live, etc.) while adding more stringent security controls such as enforcing device registration and second-factor authentication.
A unique feature of the EmpowerID Federation platform is its extensive programmability. EmpowerID Workflow Studio provides wizards and code editors for easily creating complex SAML and WS-Federation claims extensions that can be used by applications for authorization. As an example, EmpowerID claims extensions allow information from any enterprise system to be used for assigning role-based permissions with Microsoft SharePoint 2010.