The data object model should support the key functions of an identity platform including one or more of the following:
Identification: Occurs when a user or entity makes a claim about their identity when attempting to gain access to a system or resource. For example, a user enters their username or ID to access a system. For more information on how to achieve this via a journey, refer to the login journey.
Authentication: Occurs when the user or entity proves their identity to the satisfaction of the access system. For example, a user enters their password or their identity is confirmed through some other process, which is verified by the system. For an overview of authentication, refer to Introduction to Authentication.
Authorization: Occurs when the system checks that the user or entity is allowed to access the resource or system after proper identification and authentication. For an overview of authorization, refer to Authorizations and policy decisions.
Identity provisioning: Ensures user accounts are created, updated, deleted, and assigned the proper access privileges to resources across applications and systems.
You can achieve identity provisioning in various ways in Identity Cloud:
Use a library of templates for OIDC applications that makes the process of registration, provisioning, and configuration quick and easy.
Use a CSV file to import a set of identities. This is useful when you want to add a large number of identities to roles and assignments in a single operation.
Create an entitlements structure that fits the needs of each realm by using roles and assignments.
Synchronize identities from an external data store.
Use pass-through authentication to validate user passwords via a remote service.