Often AAF is working in conjunction with Identity Management / Access Management systems.
In these cases it is desirable to know when users have enrolled (one or more) methods in AAF.
For example, this might result in a trigger on a certain IDM driver, or it might result in a different authentication contract being used by NAM.

There is currently no feedback possible from AAF to the repository regarding a user's enrollment status. Having this kind of functionality would complete the integration with IDM systems.

A simple idea might be just a multi-valued attribute with one value per enrolled method. This will suffice for most implementations. More advanced scenarios involve a configurable attribute and value for each method.

Comments

  • Mark,

    There are REST calls available (see "List of user's linked templates" in the API Reference) that can query a user's enrolled method(s). This would provide a sort of "just-in-time" (get) query capability.

    Are you asking for something additional? Something like AAF should do a (put) notification to IDM and NAM?

    Troy

  • Hi Troy, yes, a 'put' notification is what I am after. Just an attribute write is enough; this can provide a trigger to IDM or be a basis for a NAM policy.