EmpowerID Office 365 Manager Product Comparison



Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Single Sign-On
SSO for Office 365 Web Apps
SSO for Office Fat Client Apps (Lync and Outlook)
SSO Application Dashboard (Identity Provider Initiated Login)
Social Media Identity Login (Facebook, Google, Microsoft Account, etc…)
Windows Authentication using on-premise AD
Windows Authentication supporting remote partner ADs
Smartcard Login to Office 365
Device registration and login tracking * Only domain joined
computers and iOS
Branded Login Page
Branded User Self-Service Pages
SSO for non-federated applications where password must be vaulted
Application Sharing (Without Sharing Passwords)
Web Access Management SSO for non-federated applications * requires separate product
IP Address Restrictions
Step Up Authentication Policies Per App
OATH Hardware Tokens
OATH Software Tokens
One-Time Password to Mobile Device
VPN Integration (RADIUS Server)
Virtual Directory Server (LDAP)
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Directory & Infrastructure Support
Cloud Subscription * partially onsite * different product
On-Premise * partially onsite
Does not require on-premise AD account for SSO
Supports multiple Active Directory Forests
Support for Non-AD Authoritative Provisioning Source (e.g. HR or LDAP)
Scalable multi-instance sync engine
Attribute Flow/Sync
Attribute Transformations * limited
Attribute Change Rollback
Bulk Provisioning Approval/Throttling
Metadata Storage / Extensible Schema * limited
External User Identities - Partner/Customer Support
Password Sync
Captures Password Changes in On-Premise AD to Sync
Flexibility in format/source of ImmutableID
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Password Management
Self-service password change for users
Self-service I forgot my password reset process
Windows Desktop Login screen client for I forgot my password reset process
Password sync to other systems
Forced Password Self-Service Reset Enrollment (Q&A)
Forced Change Password before expiration
Multiple Password Policies
Helpdesk Password Reset and Unlock (Q&A)
Password Expiration Notification by Email
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Provisioning and Delegated Administration
Unlimited number of granular administrative roles * limited/not granular
Ability to organize and delegate Office 365 administration based on company hierarchy
Hierarchical delegation of Office 365 users, groups, contacts, and mailboxes
Dynamically assign users to roles based on department, business unit, group membership or attributes from any system
Dynamic role assignment based on data from HR or other authoritative systems
Create custom roles that grant access to multiple groups, mailboxes, and apps
Delegate management of roles to business users and admins
A single unified web-based admin interface for managing users, contacts, mailboxes, Lync, and groups
Automated User & Mailbox Provisioning and Deprovisioning
Dynamic provisioning based on group, role or attribute queries
Automatically assign license to users on provision
Default Attribute Value Assignment Policies
Group-Based Access Control to Apps
Role-Based Access Control to Apps * limited
Able to edit user, group, mailbox, contact, and Lync properties in one user interface
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Self-Service, Workflows and Approvals
Shopping Cart style access request system
Multi-level Workflow Approvals
Anonymous Self-registration account request with approval
Ability to request an account, contact, or mailbox with approval
Ability to claim/register an existing account for an SSO App
Ability to request provisioning of a new group with approval
Ability for managers to shop for access on behalf of multiple other users
SharePoint App Parts for self-service inside SharePoint
View Your Login History
Self-Service Profile Edit
Request physical assets (iPhone, iPad, Laptop, etc…) with approval
Edit SMTP email addresses
Join/Leave Group
Join/Leave Role
Request to become the Owner of a group with approval
Request access to a mailbox
Email notifications for approvals and status changes
Approval Dashboard to review all open and past requests
Comment on open items
Delegate approval tasks to someone else
Out of Office Approval Delegates
Visual workflow designer to support custom process automation
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Group Management
Granular delegation of group administration
Does not require a matching on-premise Group for management
Admins can create Office 365 groups
Admins can edit Office 365 groups
Admins can add and remove users as members
Admins can assign users as owners
Admins can delete groups
Admins can manage advanced group settings
Admins can manage Group permissions (Send As, Send on Behalf)
Permissions for groups can be assigned by role, location or dynamic attribute queries
Users can request creation of groups with approval * No approval
Dynamic Security Group Membership by role, attribute, etc..
Assign Group Owner Dynamically - by Group Membership, Role, or attributes
Ability to prevent groups from being deleted
Ability to flag groups as high security for special controls, reporting and audit
Temporary time-based group membership
Group Membership Based on Data from Other Systems (Non-AD)
Group Valid Until - categorizes groups for expiration to renew or retire
Group Membership Recertification
Group Owner Recertification
Group Membership Self-Recertification
Group Membership Enforcement - lockdown groups and prevent changes
Restore Deleted Group
Audit Log and Reports on All Group Membership Changes
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Mailbox Permissions Management
Mailbox and mailbox folder permissions inventory
Delegated mailbox-level permissions management
Delegated mailbox subfolder permissions management (Inbox, Calendar, Tasks, etc…)
Mailbox and mailbox folder access requests and approvals
Mailbox Permissions Audit/Recertification
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Compliance and Reporting
Access recertification for mailboxes and groups
Separation of Duties Enforcement (Prevent Toxic Group Combinations)
Compliance Dashboards
Risk Metrics to monitor accumulation of privileges for users, groups, and roles
100's of dashboard statistics on your system and security
Subscribe to reports and receive via email
Feature EmpowerID Office 365 Manager DirSync + ADFS FIM + ADFS Azure AD Premium + FIM + ADFS Okta OneLogin PingFederate
Extensibility
REST API
.NET API
WCF API
SOAP API
API can be extended
OAuth Server
SAML 2.0 Identity Provider and Service Provider
WS-Fed Server - Active STS and Passive
SAML Toolkit for Custom Apps
OAuth Server for Mobile App SSO
Over 700 shipping workflows
Visual Workflow Process Designer - Workflow Studio

Disclaimer: Product comparison is based on publicly available information as of August 8, 2014. It is recommended that any organization interested in the procurement of a solution, review each product in accordance to their specific business and technical requirements.