We need an IAM (Identity and Access Management) solution that can connect to multi-region on-premise databases. This IAM solution should provide two major functions:
- MFA
- SSO
This IAM solution is going to be integrated with on-premise and cloud applications. Most of the users of these applications are internal users, but we also have certain external users who should be able to use these applications via the IAM. These external users are from our different clients. Some of our clients want SSO integration with their IdP (Identity Provider). We have certain business use cases that will decide the login experience for these external users.
Use cases:
- Use case for Client A
[User1@ClientA.com]
  - Must SSO from Client A's intranet
  - If they try to log in using username & password at [www.examplecom], it must fail, and they should be told they need to SSO.
[User2@gmail.com] - Also works for Client A, but doesn't have an official email address yet.
  - Logs in using username & password at [www.examplecom], then must MFA.
- Use case for Client B
[User1@ClientB.com] - User can log in with username & password at [www.examplecom], but it requires MFA
[User2@ClientB.com] - User can log in with username & password at [www.examplecom] but does not require MFA
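The use cases above amount to a home-realm-discovery rule set: the email domain decides whether a login must come from the client's IdP or from the central password page, and a per-user flag decides whether MFA is required. The following is an added example (not from the original post and not any IAM product's API) that encodes those rules as a small policy engine. The IdP name "ClientA-IdP", the domain table and the per-user override for User2@ClientB.com are constructed from the use cases; the extra check that a federated assertion is accepted only from the IdP registered for that domain (so Client B's IdP cannot assert a ClientA.com identity) is an assumption about what a sound deployment needs, not something the post states.

```python
"""Email-domain login policy for the Client A / Client B use cases.

Hypothetical example: rules keyed by email domain, per-user MFA overrides,
and an IdP-ownership check for federated logins.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Method(Enum):
    PASSWORD = "password"          # username & password at the central login page
    FEDERATED_SSO = "federated"    # assertion from a client's own IdP


class Decision(Enum):
    ALLOW = "allow"                      # no further step
    ALLOW_WITH_MFA = "allow_with_mfa"    # prompt for a second factor
    DENY_USE_SSO = "deny_use_sso"        # reject the password login, tell the user to SSO
    DENY = "deny"                        # reject outright


@dataclass(frozen=True)
class DomainPolicy:
    idp: Optional[str] = None   # IdP that owns this domain; None = local accounts
    default_mfa: bool = True    # password logins need MFA unless the user has an override

    @property
    def federated(self) -> bool:
        return self.idp is not None


@dataclass
class LoginPolicy:
    domains: dict[str, DomainPolicy]
    user_mfa: dict[str, bool]   # explicit per-user MFA flag, keyed by lower-cased email
    # Domains not listed (e.g. gmail.com) are local accounts that always need MFA.
    fallback: DomainPolicy = field(default_factory=lambda: DomainPolicy(idp=None, default_mfa=True))

    def decide(self, email: str, method: Method, idp: Optional[str] = None) -> Decision:
        email = email.strip().lower()
        if email.count("@") != 1:
            raise ValueError(f"not an email address: {email!r}")
        domain = email.split("@")[1]
        policy = self.domains.get(domain, self.fallback)

        if policy.federated:
            # Client-owned domain: only an assertion from that client's IdP is acceptable.
            if method is Method.FEDERATED_SSO and idp == policy.idp:
                return Decision.ALLOW
            if method is Method.PASSWORD:
                return Decision.DENY_USE_SSO   # caller shows "please sign in via SSO"
            return Decision.DENY               # some other IdP asserting this domain

        # Local domain: no IdP may assert these identities; password path only.
        if method is not Method.PASSWORD:
            return Decision.DENY
        needs_mfa = self.user_mfa.get(email, policy.default_mfa)
        return Decision.ALLOW_WITH_MFA if needs_mfa else Decision.ALLOW


def example_policy() -> LoginPolicy:
    """Constructed configuration matching the two client use cases."""
    return LoginPolicy(
        domains={
            "clienta.com": DomainPolicy(idp="ClientA-IdP"),          # must SSO
            "clientb.com": DomainPolicy(idp=None, default_mfa=True),  # password + MFA
        },
        user_mfa={"user2@clientb.com": False},                        # explicit exception
    )


if __name__ == "__main__":
    p = example_policy()
    for email, method, idp in [
        ("User1@ClientA.com", Method.FEDERATED_SSO, "ClientA-IdP"),
        ("User1@ClientA.com", Method.PASSWORD, None),
        ("User1@ClientA.com", Method.FEDERATED_SSO, "ClientB-IdP"),
        ("User2@gmail.com", Method.PASSWORD, None),
        ("User1@ClientB.com", Method.PASSWORD, None),
        ("User2@ClientB.com", Method.PASSWORD, None),
    ]:
        print(f"{email:22} {method.value:10} {idp or '-':12} -> {p.decide(email, method, idp).value}")
```

Note that the gmail user's association with Client A is an authorization attribute (what they may access), not an authentication-realm attribute; the engine deliberately treats gmail.com as a local account and falls through to the default MFA rule, which is what the use case asks for.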