Single Sign-On
EMA® supports user authentication using single sign-on (SSO) to allow secure access to the archive while remaining convenient for users.
Using this authentication method, users can access the archive directly from their e-mail client after successfully logging on to their workstation.
Additional means of identification, such as a separate username and password prompt, are no longer necessary and will not be shown if authentication succeeds. This makes working with the archive extremely convenient for users while not at all compromising the system's security.
Technical details on single sign-on procedures
In a Microsoft Office 365 environment, a one-time creation of an Azure App gives all users easy and secure access through Azure Active Directory. Here, OAuth 2.0 is used for the communication between Microsoft Graph and EMA.
In a hybrid environment (user mailboxes at O365 and locally), it is also possible to handle local user management via Azure AD (provided it is synchronized with the local LDAP server).
If EMA is deployed locally as an appliance in the customer's infrastructure, it is connected to the local directory service via LDAP / Kerberos where possible and thus also offers true single sign-on.
In addition to true single sign-on, EMA offers many other ways to implement centralized logon using a variety of authentication methods. For example, the system supports LDAP (Lightweight Directory Access Protocol), OpenLDAP, Active Directory, RADIUS servers and HTTPS client certificates for logging in via smart card, and even a customizable ticket server to integrate other logon systems. Because authentication data is checked live against the existing system, the process ensures the highest possible access security and centralized account management, even when EMA checks against an existing system via POP3, IMAP, CIFS or FTP.
If even such exotic login methods and integrations are out of the question, EMA can also assign its own passwords and send them to users via welcome emails.