The Identifier First Adapter works best in conjunction with authentication policies and setting expected attribute values to enforce authentication requirements.
The Identifier First Adapter is designed to identify user populations. It supports email
addresses natively: it extracts the email address suffix and exposes it downstream through
the domain
attribute. Additionally, the adapter can leverage datastore
queries to fulfill the domain
attribute or other extended attributes to
support identifiers of other kinds.
The Identifier First Adapter is most effective when used in conjunction with authentication
policies. The policy paths are created by having rules matching expected values of the
domain
attribute or other extended attribute. Each expected value forms
its own policy path, to which a series of authentication sources can be appended to enforce
the desired authentication requirements.
For the more information and configuration steps, see the subsequent sample use case and task.