Application tags
Scenario
If you want to conditionally control which parts of your configuration an application can access, you can use application tags.
When a SAML Service Provider (SP) or OIDC Relying Party (RP) connects to Fortified ID Access, acting as a SAML Identity Provider (IdP) or OIDC OpenID Provider (OP), the system can use data provided by the authenticator to determine which configuration elements should be available. For example, this can be based on the application's entityID.
In addition, you can use application tags defined in the application's configuration object to influence behavior. Each SAML or OIDC application has a corresponding application object in Fortified ID Access, where settings such as the metadata path or URL are stored. You can assign one or more tags to this object, and these tags can then be used to apply conditional logic within your configuration.
How it works
When an application connects to Fortified ID Access, the system first checks the corresponding application object for any configured application tags.
For example, if the application has two application tags, swedish_bankid and freja_eid, these tags are added to the authentication session created for that application and the user who is about to authenticate.
Fortified ID Access has several ways in which it can affect the authentication experience for a user based on conditions. Suppose your Identity Provider (IdP) has several authenticators configured, each associated with a specific tag such as swedish_bankid, freja_eid, uid_password, foreign_id, or yubikey.
In this scenario, only the authenticators that match the application’s tags — in this case, Swedish BankID and Freja eID — will be available for the user to select during login.
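The matching described above can be used to review which authenticators each application exposes. The following is an added example, not Fortified ID Access code or its configuration schema: the inventory layout, the entityIDs and the `single_factor` policy list are assumptions made for illustration, and only the tag names come from the text.

```python
# Added illustration of the tag matching described above; not Fortified ID Access code.
# Assumption: the inventory layout is invented here, not the product's schema.

# Constructed sample data: authenticator name -> tag (tag names from the text).
AUTHENTICATORS = {
    "Swedish BankID": "swedish_bankid",
    "Freja eID": "freja_eid",
    "Username/password": "uid_password",
    "Foreign eID": "foreign_id",
    "YubiKey": "yubikey",
}

# Constructed sample data: application entityID -> application tags.
APPLICATIONS = {
    "https://sp.example.com/hr": ["swedish_bankid", "freja_eid"],
    "https://sp.example.com/wiki": ["uid_password", "yubikey"],
    "https://sp.example.com/legacy": ["swedish_bankdi"],  # misspelled on purpose
    "https://sp.example.com/new": [],
}

def selectable(app_tags, authenticators=AUTHENTICATORS):
    """Authenticators whose tag is among the application's tags."""
    tags = set(app_tags)
    return sorted(name for name, tag in authenticators.items() if tag in tags)

def audit(applications=APPLICATIONS, authenticators=AUTHENTICATORS,
          single_factor=("uid_password",)):  # assumed local policy list
    """Return {entityID: [findings]} for applications that need review."""
    known = set(authenticators.values())
    report = {}
    for entity_id, tags in applications.items():
        findings = []
        if not tags:
            # The page does not say what an untagged application gets.
            findings.append("no application tags set")
        unknown = sorted(set(tags) - known)
        if unknown:
            findings.append("unknown tags: " + ", ".join(unknown))
        if tags and not selectable(tags, authenticators):
            findings.append("no authenticator matches any tag")
        exposed = sorted(set(tags) & set(single_factor))
        if exposed:
            findings.append("single-factor authenticator tagged: " + ", ".join(exposed))
        if findings:
            report[entity_id] = findings
    return report

if __name__ == "__main__":
    for entity_id, findings in audit().items():
        print(entity_id, findings)
```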
More information
Configure application tags for a SAML profile
In the Access documentation under MODULES, click SAML -> SAML Profile. Look for app_tag.
Configure application tags for a SAML application
In the Access documentation under MODULES, click SAML -> SAML application. Look for app_tag.
Configure application tags for an OIDC Relying Party
In the Access documentation under MODULES, click OIDC -> Relying Party. Look for app_tag.
Using application tags with conditional access and authenticators (exec_if)
Click the following link
Using application tags with conditional access and selector (include_expr)
Click the following link