A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.