Branching Authentication Policies
The ability to complete different mechanisms based on custom conditions is necessary to complete complex scenarios. With the addition of decisions and branches in AAC Authentication Policies, it is now easier to implement these scenarios. To add a branching workflow to a policy, a Decision can be added to the policy workflow steps. The Decision contains references to:
- A mapping rule
- An optional template page
- A list of branches
When a Decision is reached in the runtime policy flow, the following occurs:
- The decision mapping rule is run.
- If the mapping rule returns false, a template page is returned to the user for input.
- If the mapping rule returns true, the state is checked for a decision and the corresponding branch is entered.
Once each step in the branch has been completed, the policy completes or continues to the next common step.
A Decision can contain one or more branches and each branch can contain one or more steps.
The template page configuration is optional to enable scenarios where the decision should not be presented to the end user, but instead based off data available to the mapping rule.
There are no limitations on the number of decisions in a policy, or Whether they can be proceeded or followed by normal steps. The only limitation is that a decision cannot be nested within another decision.
- Scenarios
Various scenarios are provided as examples out-of-the-box. Policies for these scenarios can be configured using a Wizard on the new Scenarios screen. It is available at AAC > Authentication > Scenarios.- Decision
The underlying implementation of the Decision is achieved through an Authentication Mechanism similar to the InfoMap mechanism, Decision JavaScript.- Branches
The layout of the branches is made available at runtime in the following format:- Steps
The steps within a branch can be any of the available authentication mechanisms.
Parent topic: Advanced Access Control configuration