- Federated Identity: Authentication happens at a home institution's IdP. Attributes may or may not be retrieved.
  admin_require_authn must be enabled.
- IdP of Last Resort: The CO will manage the user's credentials.
  admin_require_authn may both be disabled. The early provisioning step is intended to support this model – allowing the creation of credentials before the user authentication step.
- Account Linking: An individual known to the platform has more than one IdP, and would like the identities asserted from each IdP linked to the same profile.