Hi Mikael,
Most recent capabilities of Verify Access have been designed to work with External Users (and Basic users) in addition to the standard users of old.
Here are limitations I know about:
- Cannot assign an external user directly to an ACL (but can dynamically assign to a group that is in ACL which is the right way to do ACLs anyway).
- Cannot manage validity of the account (rely on the external source to only pass valid users)
- External users cannot use the built in "Global Sign-On" capability (storage of user/password for backend systems). However, there is a new REST Service interface for integration with external/bespoke service for managing this data.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Tue October 12, 2021 12:54 AM
From: Mikael Lindblad
Subject: ISVA act as a idp without userstore?
Hi,
Is there some functionality in isva that requires/must have that the user exist in the user store or can you go all in with the external user pattern?
------------------------------
Regards Mikael
------------------------------