The Enterprise Sign On Engine (ESOE) allows an enterprise to meet its goals for identity management, single sign on, authorization, federation, and accountability for resource access in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's powerful authorization engine is built around a reduced version of the OASIS XACML 2.0 standard called Lightweight eXtensible Authorization Control Markup Language or "LXACML".
GConnect allows organizations of all sizes to integrate their local identity stores with Google Apps to provide single sign on to users and perform on-demand provisioning. GConnect supports authentication and attribute resolution against all LDAP servers and supports advanced integration with Active Directory to provide users with seamless navigation from the corporate environment to Google Apps without having to manually re-enter credentials. Integration to existing authentication mechanisms provided by Web portals or other SSO systems is also possible.