Identity Orchestration is a way to dynamically create remote user accounts at the time a user accesses a web resource. The first time a Digital Access user accesses the resource, an account is created for that user on the remote service and the user is automatically logged in. The newly created user's credentials are saved on an SSO domain. The credentials are stored in Digital Access and are never exposed to the user.
First, you need a plugin that can communicate with the desired service. To enable Identity Orchestration, you then create a channel. A channel is a configuration of a plugin for a specific remote service. That channel can then be used in an access rule that requires Identity Orchestration. When you later add this access rule to a web resource, orchestration is enabled for that resource.
Note: Make sure the web resource uses the same SSO domain as the channel in the access rule.
The Identity Orchestration settings are controlled through a plugin API. Each channel is controlled by a plugin, chosen according to the type of service needed. Plugins for Google Apps, MediaWiki and SCIM are delivered by default. If another type of service is needed, this can be accomplished by writing a new plugin. Please contact Technology Nexus for further information about this.
On this page you will see the registered channels.
To edit a channel, click the corresponding link.