Tech Brief – empower® Solutions and Products

Required Permissions: IT Admin

Below is a table providing an overview of all technology requirements and specifications for empower®.

Note

This Tech Brief applies to the following:

  • empower® Solutions (Brand Control, Chart Creation, Content Enablement, Template Management, Slide Generation)

  • empower® Products (Slides, Slides Branding, Slides for macOS, Charts, Docs, Mails, Sheets)

  • empower® Add-ons (Web add-ins, Document Automation, AI Assistant)

  • empower® Admin Tools (Backend CLI Tool, EAV Editor, Admin Center)

  • empower® Combinations (Suite, Suite for PowerPoint, Slide Creation)

For further information regarding the Tech Brief for empower® AI, see Tech Brief – empower® AI.

Technology

Frontend (Desktop): .NET Framework, WPF

Frontend (Web): React, TypeScript

Frontend (Mac): SwiftUI, React, TypeScript

Backend: .NET 8, .NET Framework, Traefik, Consul

Hosting: Azure (utilizing Azure VMs, Azure SQL, etc.)

Monitoring: Azure Monitor, Prometheus, Grafana

Browser Support

Chrome: Latest

Safari: Latest

Microsoft Edge: Latest

Mozilla: Latest

Internet Explorer: Not supported

Cloud Platform and Security

The empower® Backend and Web Components are hosted on Microsoft Azure Resources (Azure VMs, Azure SQL, etc.).

Data is stored inside the Azure Platform (PaaS).

Microsoft Azure is certified with ISO 27001 and PCI DSS, among others.

For more information regarding Microsoft Azure security and compliance, see Microsoft Trust Center.

Microsoft Azure provides an SLA of 99.95% (website and API) and 99.99% for data storage.

For further information regarding Microsoft SLA, see Service Level Agreements (SLA) for Online Services.

Scaling

The empower® Backend is built and hosted with scalability in mind.

Geofencing

empower® can be hosted in all available public Azure regions. During the setup process, we work with our customers to determine the optimal region to use.

Azure ensures backups will not leave the geographical region of the tenant by employing paired data centers within the same geography.

For further information, see Azure region pairs and nonpaired regions.

This also means tenants hosted in the EU will have their backups stored in a different region also inside the EU.

Data Storage

All data is stored in SQL Azure with regular backups enabling point-in-time restore if necessary.

Temporary cache data is stored on Azure VMs.

Guest and Data Isolation

Isolation from other Microsoft Azure customers is managed by the Azure Backend.

With the exception of empower® Express, empower® uses single-tenant databases and application servers for each customer, preventing any user from accessing data from other tenants.

Fine-grained access control at the level of library folders ensures that users can only perform tasks they have been authorized to perform.

For empower® Express, a multi-tenant environment, that same robust access-control system is used to isolate customer data.

Encryption

All communication between the empower® Backend and clients (desktop and web components as well as third-party integrations) is encrypted in transit with TLS (version 1.2/1.3).

All data at rest (both databases and VMs/disks) is encrypted by Azure platform-managed encryption at rest (AES 256-bit).

Open Source Components

A selection of secure and qualified open source components are used and are constantly monitored for patches and security vulnerabilities.

Data Processing Agreement

Our general data processing agreement can be accessed under DPA.

For the empower® Express platform, the data processing agreement can be accessed under Right Aligned – Terms and Conditions.

Authentication

OpenID Connect is supported out of the box with Microsoft Entra ID and Okta. Other OIDC providers, including proprietary ones, can be used upon request.

For on-premises installations, Windows Authentication (Active Directory) using Kerberos and NTLM is also supported.

User Provisioning

empower® supports SCIM for provisioning user accounts.

In addition to SCIM, active synchronization of users (pulling users from the identity provider) is supported for on-premises Active Directory, Microsoft Entra ID and Okta.

Single Sign-On

Microsoft Entra ID via App in Microsoft Entra ID (using OpenID Connect).

Okta via App in Okta (using OpenID Connect).

On-premises installations can also use Windows Authentication (Kerberos/NTLM) for SSO.

IT Security Certificates of empower® as an Organization

We possess an ISO 27001 certification.

Our certificate can be viewed under the following link:

View Certificate

Logging

Successful and failed logins are captured by the identity provider (Active Directory, Microsoft Entra ID, Okta, etc.) used by the customer.

Last login dates for individual users are logged at the database level.

Privileged administrative operations by the empower® Operations Team are logged within Azure and our external monitoring system.

Ports Used for Communication between Device and Application

License Registration: Port 443 – DNS: activate.madeinoffice.com or activate.empowersuite.com – Protocol: TCP/IP

Client Connection to the Backend: Port 443 – DNS: URL of your application server – Protocol: TCP/IP
