Identity Orchestration
Identity orchestration is the practice of coordinating multiple identity services into configurable journeys, using a workflow layer that connects authentication, verification, and authorization providers without custom code in each application.
Also: orchestration, identity fabric
Identity orchestration sits above individual identity tools and sequences them into a journey. Instead of hard-coding a login or onboarding flow inside an application, teams define the flow in an orchestration layer that calls out to providers for authentication, identity verification, fraud signals, and consent in the order the policy requires.
The approach grew out of the reality that most organizations run more than one identity system. Orchestration lets a flow route a user through different providers based on conditions such as risk score, geography, or customer segment, and lets teams swap a provider without rewriting application code.
A common use is migration. An orchestration layer can authenticate users against a legacy directory while gradually moving them to a new system, abstracting the change away from the applications and the users.
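An added example, not from the original page or from any vendor's product: one way an orchestration step can implement the migration described above, checking the new system first, falling back to the legacy directory, and moving the user over on a successful login. The class name, the in-memory stores, and both hash schemes are assumptions constructed for illustration.

```python
import hashlib, hmac, os

def legacy_hash(password: str, salt: bytes) -> bytes:
    # Assumed stand-in for whatever scheme the legacy directory uses.
    return hashlib.sha256(salt + password.encode()).digest()

def new_hash(password: str, salt: bytes) -> bytes:
    # Assumed scheme for the new system: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class MigrationFlow:
    """Hypothetical orchestration step: new store first, legacy fallback."""
    def __init__(self, legacy: dict, new: dict):
        self.legacy, self.new = legacy, new   # username -> (salt, hash)
        self.audit = []                       # (username, provider, success)

    def _check(self, store, hasher, user, password) -> bool:
        salt, stored = store[user]
        return hmac.compare_digest(hasher(password, salt), stored)

    def authenticate(self, user: str, password: str) -> bool:
        if user in self.new:
            # Once migrated, never fall back to the weaker legacy credential.
            ok = self._check(self.new, new_hash, user, password)
            self.audit.append((user, "new", ok))
            return ok
        if user in self.legacy:
            ok = self._check(self.legacy, legacy_hash, user, password)
            self.audit.append((user, "legacy", ok))
            if ok:
                # Re-hash with a fresh salt and retire the legacy record.
                salt = os.urandom(16)
                self.new[user] = (salt, new_hash(password, salt))
                del self.legacy[user]
            return ok
        self.audit.append((user, "none", False))
        return False

def demo():
    salt = b"constructed-salt"  # constructed sample data
    flow = MigrationFlow({"alice": (salt, legacy_hash("correct horse", salt))}, {})
    results = [flow.authenticate("alice", "wrong"),
               flow.authenticate("alice", "correct horse"),
               flow.authenticate("alice", "correct horse")]
    return results, flow

if __name__ == "__main__":
    print(demo()[0])
```

The audit list records which provider handled each attempt, which is what lets a team watch the legacy population shrink and decide when the old directory can be switched off.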
For CIAM, orchestration is how a business assembles a customer journey from best-of-breed components while keeping a single, consistent experience. It trades some added infrastructure for flexibility, vendor independence, and faster iteration on registration and login flows.