Sapho Employee Experience Portal inherits your existing security and compliance practices

Leverage your well established security practices that match your needs

Sapho was designed to match the footprint of your existing internal web applications in order to be compliant with common security practices in large enterprises.

On-premises or private cloud deployment

Sapho deploys as a standard Java .war file into a Java application server such as Tomcat, or into the Platform-as-a-Service feature of a private cloud. The Sapho software is managed and secured like your existing internal web applications, and fits into standard deployment processes.


Rosetta Stone consolidated identity system

Sapho’s patent-pending Rosetta Stone technology maps each employee’s identity across identity providers, enterprise mobility management, and both on-premises and cloud applications. Our unique consolidated identity system chains authentication across multiple systems and consolidates rules, such as groups or data filters, ensuring that employees only see the data they have permission to access.

More about Sapho’s Rosetta Stone technology


Controlled data storage

Sapho stores all metadata and cached data in a SQL92 database such as MySQL, which can be isolated and managed on your internal network like existing database resources.

Transport security

The Sapho Server uses SSL for transport security like any other Java EE application. SSL certificates can be forwarded by the reverse proxy or terminated within the DMZ.


Extensive logging

All interactions are logged into either the application server or system log, which in turn are pulled into the existing log management system, so any security incidents can be remediated like any other internal application.

Identity provider support

Sapho uses your existing identity provider to authenticate and authorize users, just like your other applications. Sapho works with a variety of identity providers, including Active Directory, LDAP, and SAML. Access to individual micro apps is authorized by access control lists and groups defined in your existing identity solution.


Data write backs

Sapho can write directly back to source applications using native APIs. Database write backs are performed with JDBC. Application write backs can be performed in two ways: with delegated authentication or with direct user login. With delegated authentication, Sapho uses the application's API with a master account to perform the write action, along with an audit trail of the user logged into Sapho. With direct user login, Sapho deep links directly to the source application, where the user can be auto-logged on with their SSO and can complete an action.


Find your existing security and compliance systems

Auth0

Auth0

CA Siteminder

CA Siteminder

G Suite

G Suite

Microsoft Active Directory

Microsoft Active Directory

Ping

Ping

LDAP

LDAP

Schedule a demo of Sapho Employee Experience Portal

Schedule demo
arrow_downCreated with Sketch.

Explore a demo portal to see the benefits of a personalized employee experience portal!

Try now