Fischer provides an administrative interface to configure and manage your Identity Provider and Service Provider configurations.  Note that Fischer's proprietary IdP stores all configurations in its database.  There are specific scenarios where file system configurations need to be employed to override the default behaviors of Fischer's IdP.  Below is a list of scenarios where the IdP is required to convert to file system configurations.  

The same granular features are available for organizations that leverage Fischer’s identity provider (“IdP”) for authentication and have abstracted all end users from native (LDAP) authentication.  Anytime a user attempts to access a URL that is protected by Fischer’s IdP, the user will be re-directed to the IdP login screen.  The IdP feature was discussed in the Feature Overview Course so if you need to brush up, please refer to that course for more information regarding Fischer’s IdP feature.

Once the user is re-directed to the IdP login screen, they are asked to provide credentials.  IGA and Federation Administrators have the ability within Fischer to de-centralize authentication depending upon the conditional filter which will resolve users to different Connected Systems to authenticate.  This approach empowers organizations that currently leverage a single credential, stored in a particular authentication store to keep those credentials in place (i.e. not requiring them to be synchronized to Fischer).  The end user’s transition to the Fischer IdP, in this case is seamless because there is no credential change required, and the user would still use the same credentials they’ve always used, making the migration process to Fischer’s IdP solution seamless from an end user’s point of view which will help limit the number of help desk calls and password resets needed since Fischer is fully capable of leveraging the same credentials the user has always used under the guides of the incumbent IdP solution.  This is a very powerful feature extended to IGA Administrators to help to eliminate one of the headaches that may come about when transitioning your full suite of IGA features from your incumbent solution to Fischer’s Identity Suite.

In this case, Fischer uses the concept of a filter much like the MFA feature.  IGA Administrators will define a filter for each user type and Fischer will resolve that filter upon the user entering their credentials into the Fischer solution and direct the authentication request to the defined authentication store.

Here is an example of configuring Federated authentication for two distinct authentication stores.