User
Initiates authentication process
1. Authentication
User logs into the Identity Provider
- User opens IDP login page
- Provides username/password
- MFA verification if required
Identity Provider
(Okta, Auth0, Entra ID...)
Manages user authentication
2. Request Claims
IDP calls PlainID for authorization data
- IDP prepares token issuance
- Calls PlainID REST API
- Sends user context/attributes
PlainID Authorization Platform
Policy Administration Point
Policy Decision Point (PDP)
Token Enrichment
API Authorizers
3. Calculate Claims
Policy evaluation determines access rights
- PDP evaluates access policies
- Calculates entitlements
- Returns claim values
4. Token Enrichment
JWT with dynamic authorization claims
- IDP adds claims to JWT payload
- Digitally signs the token
- Delivers to consuming application
Application
Receives and validates enriched JWT
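
The flow above as an added example (not PlainID's or any IDP's own code): a toy policy function plays the PDP, the IDP adds its claims to the payload and signs, and the application verifies signature, algorithm, audience and expiry before trusting any claim. Assumptions: HS256 with a constructed shared key stands in for the IDP's signing key (production IDPs normally sign with an asymmetric key), and the `entitlements` claim name, the policy and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # stand-in for the IDP signing key (assumption)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pdp_claims(user: dict) -> dict:
    # Step 3 stand-in: a toy policy, not PlainID's API or policy model.
    rights = ["reports:read"]
    if user.get("department") == "finance":
        rights.append("invoices:approve")
    return {"entitlements": rights}

def idp_issue(user: dict, aud: str, ttl: int = 300) -> str:
    # Steps 2 and 4: fetch claims, add them to the payload, sign the token.
    payload = {"sub": user["sub"], "aud": aud, "exp": int(time.time()) + ttl}
    payload.update(pdp_claims(user))
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(payload).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def app_validate(token: str, aud: str) -> dict:
    # Application side: verify everything before reading a single claim.
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64(head))
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        sig_ok = hmac.compare_digest(expected, unb64(sig))
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    # Pin the algorithm; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if not sig_ok:
        raise PermissionError("bad signature")
    claims = json.loads(unb64(body))
    if claims.get("aud") != aud or claims.get("exp", 0) <= time.time():
        raise PermissionError("wrong audience or expired")
    return claims

def is_allowed(token: str, aud: str, action: str) -> bool:
    try:
        return action in app_validate(token, aud).get("entitlements", [])
    except PermissionError:
        return False  # fail closed on any validation error
```

Because the entitlements are fixed when the token is issued, they stay in force until `exp`; a short lifetime limits how long a policy change takes to reach the application.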