TrewIDM Cloud's Access Management module supports both Single Sign-On and Federated Single Sign-On functionality. The module has been tested with over 75 Enterprise and SaaS-based applications.
Various protocols, including SAML 1.0, SAML 2.0 and OpenID, are supported for generating assertions during federation.
TrewIDM Cloud can be configured in both Identity Provider (IDP) and Service Provider (SP) modes. In IDP mode, for any request initiated from the domain hosting the TrewIDM Cloud IDP, TrewIDM Cloud authenticates the user, retrieves the attributes from the local authentication store based on the partner mapping rules, signs the message and generates the assertion message.
A federation-compliant service provider (for example, Salesforce) receives the assertion message, validates the assertion and, on successful validation, redirects the user to the corresponding screen.
TrewIDM Cloud can be configured to authenticate against various authentication stores, including LDAP providers, Oracle Access Manager and Sun Access Manager.
TrewIDM Cloud SP module can validate the incoming assertion message and redirect to the specific application page as configured.
TrewIDM Cloud has a provision for calling external programs as needed; these are called program handlers. Using a program handler, the incoming message can be redirected to an external application, or an external program can be executed. This functionality is specifically used when TrewIDM is configured in SP mode.