Identity orchestration in Digital Access
This article describes how identity orchestration works in the Smart ID Digital Access component.
Identity orchestration is a way to dynamically create remote user accounts at the time a user accesses a web resource. The first time a Digital Access user accesses the resource, an account is created for that user on that service (the services delivered by default are Google Apps, MediaWiki and an SCIM plugin) and the user is automatically logged in. The newly created user's credentials are saved on an SSO domain. The credentials are stored in Digital Access and are never exposed to the user.
First you need a plugin that is able to communicate with the desired service. Then, to enable identity orchestration, you have to create a channel. A channel is a configuration of a plugin for a specific remote service. That channel can then be used when making an access rule requiring identity orchestration. When you later add this access rule to a web resource in Digital Access, orchestration will be enabled.
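The first-access flow described above can be modelled in a few lines. This is an added example, not Digital Access code or its plugin API: `FakeScimService`, `Channel`, `SsoDomain`, `orchestrate_access` and the `account_suffix` setting are hypothetical names, and the remote service is a constructed in-memory stand-in that accepts a SCIM core User resource.

```python
import secrets
from dataclasses import dataclass, field

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

class FakeScimService:
    """Constructed stand-in for a remote service's SCIM /Users endpoint."""
    def __init__(self):
        self.users = {}  # userName -> SCIM user resource
    def create_user(self, payload):
        if payload["userName"] in self.users:
            raise ValueError("409 uniqueness: userName already exists")
        self.users[payload["userName"]] = payload
        return {"id": secrets.token_hex(8), "userName": payload["userName"]}

@dataclass
class Channel:
    """A plugin configured for one specific remote service."""
    name: str
    service: FakeScimService
    account_suffix: str  # hypothetical setting: how remote user names are formed

@dataclass
class SsoDomain:
    """Holds remote credentials server-side, keyed by (local user, channel)."""
    _secrets: dict = field(default_factory=dict, repr=False)
    def has(self, user, channel):
        return (user, channel) in self._secrets
    def put(self, user, channel, remote_name, password):
        self._secrets[(user, channel)] = (remote_name, password)
    def login_material(self, user, channel):
        return self._secrets[(user, channel)]

def orchestrate_access(user, channel, sso):
    """Create the remote account on first access, then sign the user in."""
    created = False
    if not sso.has(user, channel.name):
        remote_name = f"{user}{channel.account_suffix}"
        password = secrets.token_urlsafe(32)  # generated, never shown to the user
        channel.service.create_user(
            {"schemas": [SCIM_USER_SCHEMA], "userName": remote_name,
             "password": password, "active": True})
        # Stored only after the remote account exists, so a failed create
        # leaves no dangling credential in the SSO domain.
        sso.put(user, channel.name, remote_name, password)
        created = True
    remote_name, _password = sso.login_material(user, channel.name)
    # What the user's session receives: no credential fields at all.
    return {"remote_user": remote_name, "created": created, "logged_in": True}
```

A second call for the same user and channel reuses the stored credentials instead of creating another remote account.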
For information about how to add an identity orchestration channel and plugin, click here.