...
- Federated Identity: Authentication happens at a home institution's IdP. Attributes may or may not be retrieved.
self_require_authnoradmin_require_authnmust be enabled. - IdP of Last Resort: The CO will manage the user's credentials.
self_require_authnoradmin_require_authnmay both be disabled. The early provisioning step is intended to support this model – allowing the creation of credentials before the user authentication step. - Account Linking: An individual known to the platform has more than one IdP, and would like the identities asserted from each IdP linked to the same profile.
| Gliffy Diagram | ||||||||
|---|---|---|---|---|---|---|---|---|
|