EmpowerID Office 365 Manager uses WS-Federation to enable employees to continue to login to Outlook , OWA, Lync, and SharePoint using their same corporate
Active Directory username and password once these services are migrated to Office 365. External users and extranet scenarios are also supported allowing users
to login using any approved login type, including: Social Media Identities (Facebook, Twitter, Microsoft), remote partner Active Directory credentials, or even
an organizationally-branded EmpowerID identity. Should a user forget their on-premise AD or EmpowerID identity password, the built-in self-service password
reset function allows them to regain access easily and without assistance from a help desk.
Single Sign-On strengthens overall security by eliminating the need for multiple passwords to connect to any number of applications and
platforms and by making it easier to hold users accountable for safeguarding their one single password. The convenience of single login access to all
applications allows second factor authentication to be added as an additional security layer without making the login process cumbersome. The second
factor authentication can be as simple as allowing employees to receive or generate one-time passwords on their mobile phones. Other multi-factor
authentication options include device authentication, knowledge-based authentication (Q&A), online identity proofing, smartcards (CAC/PIV), and a standards
compliant OATH server for issuing hardware or software one-time password tokens. Users may opt in for multi-factor authentication or flexible security
policies can trigger a step up based on dynamic contextual information.
Today’s employees are more mobile, often working on the go and from remote locations using an increasing variety of devices, personal
and company-issued. Maintaining security standards across mobile devices can be challenging. EmpowerID extends corporate security to mobile devices by
enabling single sign-on and by tracking device ownership. EmpowerID can proof and register a personal computing device to an individual employee, making
it an additional authentication factor to further strengthen security.
A user's SSO Application Dashboard, IT Shop access request interface, and password management screens are built using responsive HTML design so that they display properly and are fully functional across a broad range of mobile devices, enabling maximum productivity for when staff are on the go.