Hi @Abdelrahman.kh,
When users have different credentials across apps, there are only a few options to orchestrate the integration:
- Consolidate all users within a single identity and use centralised authentication with AM. I recognise that this is often not an option with legacy applications, but it’s the simplest solution in the longer term.
- Have the legacy app in some way recognise that a user has authenticated with some kind of proof against AM (the IDP), e.g. a SAML2 assertion or an OIDC id_token. As @mwtech mentioned, this can’t escape some modifications at the legacy app level.
Alternatively, in order to replay a user’s credentials, IG would have to remember the username and password, which would have to be captured once - and stored somewhere for IG to replay later (keyed with the AM authoritative identity). And of course, this solution would need to be aware of credential changes. Honestly, I have not seen this kind of integration done, and would not recommend taking that path. It’s a home-grown, non-standardised integration, one that most corporations are moving away from nowadays - so it can only be temporary. The only standard ways, as far as I know, are the methods mentioned above.
Regards
Patrick