Defining Access Flows
Access Flows enable you to specify the identification and authentication requirements for an application.
An Access Flow specifies the Identity Providers that are accepted before accessing a Service Provider, and possibly the order in which identification and authentication methods need to be supplied. Access Flows are constructed using a number of templates. One of the templates (the Policy Scheme) allows you to add more refined rules to an Access Flow. These rules are then executed by the Policy Engine.
Authentication groups two elements: Authentication Schemes and Authentication Methods. The combination of the two defines the ways to authenticate to a Service Provider.
An Authentication Scheme is linked to a Service Provider. It defines which Authentication Methods can be used to access that Service Provider. It also defines the order of execution in the case of multi-factor authentication, and it specifies the strength of each Authentication Method for multi-level or step-up authentication.
An Authentication Method can contain one or more Identity Providers that are able to provide that Authentication Method.
It is easiest to first define the Authentication Methods, before grouping them into the possible Schemes.
A pre-defined "Default Scheme" always exists and is always applied to access the TrustBuilder applications (such as the Administration Portal). Take care not to experiment with this Authentication Scheme, as you could end up restricting access to the Administration Portal.