Giving access based on approval or auto approval in AM

Hi folks,

I have a requirement. Currently we are giving delegated admin access to internal users using a journey, whereas we have put a filter in case the user is from an external domain; then we have to provide access to the user so that a session is generated.

We don’t want external users to get reconciled at the FR end, or to use the passthrough authentication. What other alternative can we use to authenticate external users? I thought of using access requests in IGA, but currently we don’t have IGA, so we have to find a suitable method in AM.

Hi @TanayAmgen,
I’m not sure I understand your requirement. Could you rephrase it please? Maybe with a step-by-step explanation.
Regards,
Steph.

If there is no intent to keep the external identities in AM’s user store, then some external identity provider is to be relied upon to validate the user. You have ruled out using passthrough authentication. I guess using IDM to authenticate through a connector is ruled out as well. What remains is using OIDC, e.g. if you have AD as the organisation IDP, then AM can authenticate the user via a social provider node. To have AM deliver a session without having local identities, set user profile in authentication settings to "none". Have the proper claims in the ID token to filter authorised users; the tree can inspect its content after the social provider authentication.
If that is not possible, you’ve got SAML2, which is also possible with Entra ID; otherwise… find a way to provide AM with some authentication proof AM can trust, or bring IG into the mix to handle legacy authentication schemes.

1 Like
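
The claim filtering suggested in the reply above, sketched as an added example that is not part of the original posts and is not ForgeRock code. It is plain JavaScript operating on the payload of an ID token whose signature the OIDC node has already verified; wiring it into a journey is not shown. The issuer, audience, domain and group values, and the use of `groups` and `email_verified` claims, are assumptions.

```javascript
// Added example: decide whether an external user may get a session,
// based only on claims asserted by the external IdP.
// All POLICY values are constructed placeholders (assumptions).
const POLICY = {
  issuer: "https://idp.example.com/oidc",   // assumed external IdP issuer
  audience: "am-delegated-admin",           // assumed client_id registered for AM
  allowedDomains: ["partner.example.org"],  // assumed external mail domains
  requiredGroup: "delegated-admins",        // assumed group claim value
  clockSkewSeconds: 60
};

// claims: decoded payload of an already signature-verified ID token.
// Returns { allowed, reason }; every failed check denies (fail closed).
function evaluateIdTokenClaims(claims, policy, nowSeconds) {
  const deny = (reason) => ({ allowed: false, reason });
  if (!claims || typeof claims !== "object") return deny("no claims");
  if (claims.iss !== policy.issuer) return deny("unexpected issuer");

  // aud may be a single string or an array of strings.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(policy.audience)) return deny("audience mismatch");

  if (typeof claims.exp !== "number" ||
      claims.exp + policy.clockSkewSeconds < nowSeconds) return deny("token expired");

  // Trust the email claim only when the IdP marks it as verified.
  if (typeof claims.email !== "string" || claims.email_verified !== true) {
    return deny("email not verified");
  }
  // Take the part after the LAST '@' so "a@allowed@evil" cannot pass.
  const domain = claims.email.slice(claims.email.lastIndexOf("@") + 1).toLowerCase();
  if (!policy.allowedDomains.includes(domain)) return deny("domain not allowed");

  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  if (!groups.includes(policy.requiredGroup)) return deny("missing required group");
  return { allowed: true, reason: "ok" };
}

// Constructed sample claims, not taken from any real token.
const NOW = 1700000000;
const sampleClaims = {
  iss: "https://idp.example.com/oidc", aud: ["am-delegated-admin"], exp: NOW + 300,
  sub: "ext-1234", email: "Alice@Partner.Example.org", email_verified: true,
  groups: ["delegated-admins"]
};
console.log(evaluateIdTokenClaims(sampleClaims, POLICY, NOW));
```

With the user profile set to "none" there is no local account to fall back on, so these claims are the only authorisation input and each check denies by default.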

Following as I too am unclear of the use case and appropriate response.
Either the identity is asserted or it is not.