How to enable a Customer Service Representative to request CIBA like via email?

Morning,
Trying to figure out how to craft a journey for a CSR to request that an Identity validate themselves. For example:

CSR -> Collect Username -> Generate HOTP -> Email Identity -> Wait for response -> Get Access Token for Token Exchange for Impersonation -> Impersonate User.

Identity -> receives email -> Clicks link -> enters otp -> finished

Reviewing it, this does not look possible OOTB, so any ideas?

Regards
Nicholas

hi @nirving
I’m not sure how different your use case is from Backchannel request grant :: PingOne Advanced Identity Cloud Docs.
Could you elaborate on how your use case differs from this, please?
regards,
Steph


Ah I misunderstood the process and I think I got it now.

I was hung up on the Push Notification flow being 100% ForgeRock Authenticator, which is something I don’t have access to at the moment, and now I re-read and can see I can replace with any Authentication Tree that provides a similar service.

Let me put together a demo and see how it works.

Nicholas

Thanks @Lisa, I have documented this approach at How to emulate CIBA with ForgeRock Access Manager - DEV Community

It works for me without having to have Push Notifications enabled in our profile.

Nicholas


Can you explain how you handle the callback from the Polling Wait Node, since the CIBA flow does not have a user agent present?

  1. Authentication request to the authorize endpoint
  2. Acknowledgement of the request
  3. Start polling the token endpoint
  4. Token response

The acr_value is used by AM to select the journey. Does it redirect the client to the authenticate endpoint with the journey parameters, or does it call the journey internally?
The Polling Wait node in the journey sends the callback to what application?

Thomas
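The poll-mode CIBA exchange behind Thomas's four steps, as an added example that is not part of this thread and not ForgeRock or Ping code: a constructed in-memory model of the authorization server's pending-request table (no HTTP, no real AM journey), where acr_values carries the journey selector, the identity's approval arrives out of band (the emailed link + OTP step in Nicholas's flow), and the client polls the token endpoint handling `authorization_pending`, `slow_down`, `expired_token` and `access_denied` as defined in OpenID CIBA Core 1.0. All names, hints and timings are constructed.

```python
import secrets
import time
CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant_type defined by OpenID CIBA Core 1.0

class MockCibaServer:
    """Constructed in-memory stand-in for the authorization server: its table of pending backchannel requests."""
    def __init__(self, clock=time.time, interval=5, lifetime=600):
        self.clock, self.interval, self.lifetime, self.pending = clock, interval, lifetime, {}

    def bc_authorize(self, login_hint, scope, acr_values):
        # Steps 1-2: no user agent; acr_values names the journey that will contact the identity out of band.
        rid = secrets.token_urlsafe(24)
        self.pending[rid] = {"user": login_hint, "scope": scope, "acr": acr_values,
                             "status": "pending", "issued": self.clock(), "last_poll": None}
        return {"auth_req_id": rid, "expires_in": self.lifetime, "interval": self.interval}

    def user_decision(self, rid, approved):
        # Out-of-band outcome (emailed link + OTP journey) recorded against the pending request.
        self.pending[rid]["status"] = "approved" if approved else "denied"

    def token(self, grant_type, rid):
        # Steps 3-4: the client polls; the answer depends on request state and poll rate.
        if grant_type != CIBA_GRANT:
            return {"error": "unsupported_grant_type"}
        req = self.pending.get(rid)
        if req is None:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now - req["issued"] > self.lifetime:
            return {"error": "expired_token"}
        if req["last_poll"] is not None and now - req["last_poll"] < self.interval:
            return {"error": "slow_down"}
        req["last_poll"] = now
        if req["status"] == "pending":
            return {"error": "authorization_pending"}
        self.pending.pop(rid)  # terminal answer: the auth_req_id is single-use
        if req["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "scope": req["scope"]}

def poll_for_token(server, rid, interval, sleep=time.sleep, max_polls=10):
    """Client side of steps 3-4: poll every `interval` seconds, add 5 s on slow_down, stop on any other answer."""
    for _ in range(max_polls):
        resp = server.token(CIBA_GRANT, rid)
        if resp.get("error") == "slow_down":
            interval += 5
        elif resp.get("error") != "authorization_pending":
            return resp
        sleep(interval)
    return {"error": "client_gave_up"}
```

Pass a fake clock and sleep to run the whole exchange instantly; with the defaults it waits in real time like a CSR client would.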