Multi affiliation can be implemented in at least two ways: multiple accounts, one per affiliation, or a single account combining the affiliation permissions into one account.
When customers are implementing multi affiliation with one single account, IG has problems distinguishing which affiliation a permission belongs to.
At collection time in a multi affiliated environment with single accounts, IG should take the information about the affiliated relationship from the business roles.
The process would be like this. The application collector collects a permission and maps it to an account, which is mapped to two affiliated identities (users). In order for IG to map the permission to the right affiliated identity, it should look at the business roles and map the permission to one or more affiliations, depending on which affiliation has triggered the provisioning of the permission via a business role.
For IG customers that also have Micro Focus IdM that uses the IdM role model to provision permissions, this information should be taken from IdM.
by: Ken W. | over a year ago | Configuration
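A sketch of the attribution step described in the post, added here as an example and not taken from IG or IdM; the data structures, names and sample values are all hypothetical. Permissions that no business role accounts for are returned separately so they can be reviewed instead of being assigned to every affiliation on the account.

```python
from collections import defaultdict

# Constructed sample data. Every name below is hypothetical, not an IG or IdM schema.
# One shared account linked to two affiliated identities (users).
ACCOUNT_IDENTITIES = {"jdoe": ["jdoe-staff", "jdoe-student"]}
# Permissions the application collector found on that account.
COLLECTED = {"jdoe": ["HR-Read", "Library-Borrow", "VPN", "Legacy-Admin"]}
# Business roles: which identities are members, which permissions they provision.
BUSINESS_ROLES = [
    {"name": "Staff", "members": {"jdoe-staff"}, "permissions": {"HR-Read", "VPN"}},
    {"name": "Student", "members": {"jdoe-student"}, "permissions": {"Library-Borrow", "VPN"}},
]


def attribute_permissions(account):
    """Map each collected permission on `account` to the affiliated identities
    whose business role provisions it.

    Returns (attributed, unattributed): a dict of permission -> sorted identity
    list, and a list of collected permissions that no business role explains.
    """
    identities = set(ACCOUNT_IDENTITIES.get(account, []))
    granted_by = defaultdict(set)
    for role in BUSINESS_ROLES:
        # Only identities that are both linked to this account and role members count.
        for identity in role["members"] & identities:
            for perm in role["permissions"]:
                granted_by[perm].add(identity)

    collected = COLLECTED.get(account, [])
    attributed = {p: sorted(granted_by[p]) for p in collected if p in granted_by}
    # No role triggered these; do not guess an affiliation for them.
    unattributed = [p for p in collected if p not in granted_by]
    return attributed, unattributed


if __name__ == "__main__":
    mapped, orphaned = attribute_permissions("jdoe")
    for perm, owners in mapped.items():
        print(f"{perm}: {', '.join(owners)}")
    print("unattributed:", orphaned)
```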