EmpowerID Products and Solutions
- Learning Center
Welcome to the Learning Center
EmpowerID SharePoint Manager provides federated single sign-on and role-based access control for Microsoft SharePoint. SharePoint Manager leverages the new claims-based authentication support in SharePoint 2010 to allow EmpowerID to act as the Claims Provider or a Claims Augmentation Provider in the SharePoint security model.
As a SharePoint Claims Provider, users are redirected to the EmpowerID federated log-in page when logging into SharePoint. As a federated single sign-on provider, EmpowerID acts as an authentication hub allowing federation trusts to be established between EmpowerID and other major Identity Providers using industry-standard protocols like SAML, WS-Federation, OpenID, and OAuth. Organizations can allow users to login to SharePoint using their username and password from any trusted system such as Active Directory, Google, Facebook, Windows Live, among others while adding on more stringent security controls such as enforcing device registration and second-factor authentication.
In addition to providing single sign-on, EmpowerID can serve as a “Claims Augmentation Provider” of role-based and fine-grained access control for SharePoint in situations where another system such as Active Directory Federation Services, performs the user authentication. In either mode, EmpowerID becomes an extension of the authorization system inside SharePoint, determining who has access to which protected sites and content.
EmpowerID’s powerful hybrid RBAC and ABAC model can be used directly inside SharePoint’s People Picker user interface to grant access to sites, lists, documents, etc. The People Picker allows end-users to search and select any EmpowerID security object such as People, Groups, Roles and dynamic collections just as they would normally search for users or groups. The EmpowerID RBAC system allows content owners and security administrators to use flexible and dynamically maintained role-based assignments when managing SharePoint permissions. The dynamic nature of these roles can dramatically reduce the administrative burden of manually setting security assignments and automates access granting and revocation based on changes in user’s job status, function or location.