I am trying to understand the behaviour and usage of "Additional Attribute Retrieval Search List" under Identity Store Sequence in ACS ? In ISE we can choose only one Identity Store in identity store sequence but in ACS it gives us an option to choose another external identity source to retrieve additional attributes.
This is being highlighted in an ACS to ISE migration engagement.
This is another thread referring to the same feature.
The main difference is that ACS checks only the attributes in this list while ISE checks anything specified in the authorization policy rules during evaluation.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
