The document discusses single sign-on (SSO) and identity management features of an SSO application. It describes various SSO scenarios for corporate login to cloud or internal applications. It also covers key features of the SSO manager including support for multiple protocols, security token services, adaptive authentication workflows, and a claims provider for applications like SharePoint. The document is a marketing piece that aims to outline the capabilities of an SSO application.

1. SSO Application User Dashboard
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory | www.empowerID.com 1

2. Service Provider Initiated SSO
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 2

3. Identity Provider Initiated SSO
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 3

4. The 5 Federated SSO Scenarios
1. Corporate Login to Cloud Application
2. Cloud Login to Internal Application
3. Corporate Login to Internal Application
4. Corporate Login to Partner Application
5. Identity as a Service (IdaaS) Hub
Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com 4

5. Corporate Login to Cloud Application
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 5

6. SSO Login Page
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 6

7. SSO Application Catalog
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 7

8. Cloud Login to Internal Application
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 8

9. SSO Login Page
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 9

10. Supports Custom Branding
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory | www.empowerID.com 10

11. Corporate Login to Internal Application
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 11

12. Corporate Login to Partner Application
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 12

13. Identity as a Service (IdaaS) Hub
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 13

14. Mobile HTML5 User Interface
Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com 14

15. Second Factor Login & Password Reset
Copyright © 2013. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com 15

16. SSO Manager: Key Features
» Multi-Protocol Support: support for SAML protocol,
WS-Federation, WS-Trust, OAuth, OpenID, LDAP,
and RADIUS
» Federation Roles: Identity Provider (IdP) and Service
Provider (SP)
» Security Token Service: a Web Service (WS) Trust-
based token service, enabling policy-driven trust
brokering and secure identity propagation between
Web services.
» Identity Mapping and Attribute Retrieval: translate or
map identities in Metadirectory based on attributes in
incoming SAML assertions. Attribute retrieval for
inclusion in SAML assertions from Metadirectory and
live system access
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 16

17. SSO Manager: Key Features
» Polyarchical RBAC
• Permissions model designed for complex organizations
and multi-tenancy
» Extranet Directory:
• Eliminates the need to provision external users in the
corporate directory
» Workflow Studio Federation Development
Environment:
• Workflow Studio templates to generate and manipulate
claims and identity information during the login processing
pipeline – for SAML, WS-Trust, and SharePoint systems
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 17

18. SSO Manager: Key Features
» Adaptive Authentication:
• Login Workflow – policy gate during the login process that
provides a flexible plugin point for registration and identity
proofing processes
• Authentication Level Enforcement – require different
authentication levels per Service Provider application
• Device Registration – force users to register and verify
ownership of PCs and mobile devices
» SharePoint Claims Provider:
• SSO for SharePoint
• Strong Authentication for SharePoint
• Role-Based Access Control for SharePoint
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 18

19. Claim Information Provider
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 19

20. Adaptive Authentication
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 20

21. Adaptive Authentication – Login Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 21

22. Adaptive Authentication – Login Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 22

23. Adaptive Authentication – Level 2 Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 23

24. Adaptive Authentication – Level 3 Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 24

25. Adaptive Authentication – Level 5 Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 25

26. Forgot Password Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 26

27. Forgot Username Workflow
Copyright © 2013. EmpowerID is a trademark of The Dot Net Factory, LLC. | www.empowerID.com 27