...
- Federated Identity: Authentication happens at a home institution's IdP. Attributes may or may not be retrieved.
self_require_authn
oradmin_require_authn
must be enabled. - IdP of Last Resort: The CO will manage the user's credentials.
self_require_authn
oradmin_require_authn
may both be disabled. The early provisioning step is intended to support this model – allowing the creation of credentials before the user authentication step. - Account Linking: An individual known to the platform has more than one IdP, and would like the identities asserted from each IdP linked to the same profile.
Gliffy Diagram | ||||||||
---|---|---|---|---|---|---|---|---|
|