sso manager

SSO Application User Dashboard

Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory | www.empowerID.com 1

Service Provider Initiated SSO

Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 2

Identity Provider Initiated SSO


The 5 Federated SSO Scenarios

1. Corporate Login to Cloud Application

2. Cloud Login to Internal Application

3. Corporate Login to Internal Application

4. Corporate Login to Partner Application

5. Identity as a Service (IdaaS) Hub

Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com4

Corporate Login to Cloud Application


SSO Login Page


SSO Application Catalog


Cloud Login to Internal Application


SSO Login Page


Supports Custom Branding

Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory | www.empowerID.com 10

Corporate Login to Internal Application


Corporate Login to Partner Application


Identity as a Service (IdaaS) Hub


Mobile HTML5 User Interface

Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com14

Second Factor Login & Password Reset

Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com 15

SSO Manager: Key Features

» Multi-Protocol Support: support for SAML protocol,

WS-Federation, WS-Trust, OAuth, OpenID, LDAP,

and RADIUS

» Federation Roles: Identity Provider (IdP) and Service

Provider (SP)

» Security Token Service: a Web Service (WS) Trust-

based token service, enabling policy-driven trust

brokering and secure identity propagation between

Web services.

» Identity Mapping and Attribute Retrieval: translate or

map identities in Metadirectory based on attributes in

incoming SAML assertions. Attribute retrieval for

inclusion in SAML assertions from Metadirectory and

live system accessCopyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 16


» Polyarchical RBAC

• Permissions model designed for complex organizations

and multi-tenancy

» Extranet Directory:

• Eliminates the need to provision external users in the

corporate directory

» Workflow Studio Federation Development

Environment:

• Workflow Studio templates to generate and manipulate

claims and identity information during the login processing

pipeline – for SAML, WS-Trust, and SharePoint systems



» Adaptive Authentication:

• Login Workflow – policy gate during the login process that

provides a flexible plugin point for registration and identity

proofing processes

• Authentication Level Enforcement – require different

authentication levels per Service Provider application

• Device Registration – force users to register and verify

ownership of PCs and mobile devices

» SharePoint Claims Provider:

• SSO for SharePoint

• Strong Authentication for SharePoint

• Role-Based Access Control for SharePoint


Claim Information Provider


Adaptive Authentication


Adaptive Authentication – Login Workflow


Adaptive Authentication – Level 2 Workflow


Forgot Password Workflow


Forgot Username Workflow


sso manager

Technology

dot net factory

sso copyright

sso login page copyright

corporate login

internal application

cloud login

service idaas hub copyright

sharepoint systems copyright