Tags

Scenario

If you want to conditionally control which parts of your configuration an application can access, you can use tags.

When a SAML Service Provider (SP) or OIDC Relying Party (RP) connects to Fortified ID Access, acting as a SAML Identity Provider (IdP) or OIDC OpenID Provider (OP), the system can use data provided by the authenticator to determine which configuration elements should be available. For example, this can be based on the application's entityID.

In addition, you can use tags defined in the application's configuration object to influence behavior. Each SAML or OIDC application has a corresponding application object in Fortified ID Access, where settings such as the metadata path or URL are stored. You can assign one or more tags to this object, and these tags can then be used to apply conditional logic within your configuration.

How it works

When an application connects to Fortified ID Access, the system first checks the corresponding application object for any configured tags.

For example, if the application has two tags — swedish_bankid and freja_eid — these tags are added to the authentication session created for that application and the user who is about to authenticate.

Fortified ID Access has several ways in which it can affect the authentication experience for a user based on conditions. Suppose your Identity Provider (IdP) has several authenticators configured, each associated with a specific tag such as swedish_bankid, freja_eid, uid_password, foreign_id, or yubikey.

In this scenario, only the authenticators that match the application’s tags — in this case, Swedish BankID and Freja eID — will be available for the user to select during login.
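The tag matching described above can be modelled and audited offline. The following is an added example, not Fortified ID code or its configuration format: the data structures, function names and entityIDs are hypothetical and constructed, and only the tag names come from this page. It flags application tags that match no authenticator, for example a misspelled tag, and applications with no tags, a case this page does not describe.

```python
# Added illustration: hypothetical model, not the Fortified ID Access config schema.
# Authenticator name -> tags it is associated with (tag names taken from the page).
AUTHENTICATORS = {
    "Swedish BankID": {"swedish_bankid"},
    "Freja eID": {"freja_eid"},
    "Username/password": {"uid_password"},
    "Foreign eID": {"foreign_id"},
    "YubiKey": {"yubikey"},
}

# Application entityID -> tags on its application object (constructed sample data).
APPLICATIONS = {
    "https://sp.example.org/hr": {"swedish_bankid", "freja_eid"},
    "https://sp.example.org/wiki": {"uid_password", "yubikey"},
    "https://sp.example.org/typo": {"swedish_bankld"},  # misspelled tag
    "https://sp.example.org/untagged": set(),
}


def available_authenticators(app_tags, authenticators):
    """Authenticators whose tags overlap the tags copied onto the session."""
    return sorted(name for name, tags in authenticators.items() if tags & app_tags)


def audit(applications, authenticators):
    """Return (entityID, finding) pairs for tag settings that need review."""
    known = set().union(*authenticators.values())
    findings = []
    for entity_id, tags in sorted(applications.items()):
        if not tags:
            # The page does not say what an untagged application gets.
            findings.append((entity_id, "no tags: review manually"))
            continue
        for tag in sorted(tags - known):
            findings.append((entity_id, f"tag '{tag}' matches no authenticator"))
        if not available_authenticators(tags, authenticators):
            findings.append((entity_id, "no authenticator selectable"))
    return findings


if __name__ == "__main__":
    for entity_id, tags in sorted(APPLICATIONS.items()):
        print(entity_id, "->", available_authenticators(tags, AUTHENTICATORS))
    for entity_id, finding in audit(APPLICATIONS, AUTHENTICATORS):
        print("REVIEW", entity_id, finding)
```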

Prerequisite

  • You have installed one or more of the Fortified ID products and Fortified ID Access.
