[aznapi-external-authzn-services] stanza

Edit online

An external authorization service plug-in is an optional extension of the Verify Identity Access authorization service that you can use to impose additional authorization controls and conditions.

You can use an external authorization service plug-in to force authorization decisions to be made based on application-specific criteria that are not known to the Verify Identity Access authorization service. Each external authorization service plug-in is a stand-alone module that is dynamically loaded into the authorization service.

The parameters for configuring Verify Identity Access external authorization service plug-ins are declared in the [aznapi-external-authzn-services] stanza of this configuration file provided by Verify Identity Access:

The ivmgrd.conf configuration file for the policy server
The [instance-]ivacld.conf configuration file for the authorization server
The configuration file for configured external authorization service plug-ins for your resource managers
The aznAPI.conf configuration file is provided with Verify Identity Access as a sample file for creating your own resource manager configuration file. Developers of service plug-ins typically provide the standard functions. Before you implement service plug-ins, read and thoroughly understand the concepts in the Authorization C API Developer Reference.