Overview
Once you create a PAA (see Managing Policy Authorization Agents), the PAA is listed on the Policy Authorization Agent screen. Each PAA is represented by a Policy Authorization Agent Card.
When an organization is maintaining multiple Environments (for example, Staging and Production), it is recommended that a PAA be configured for each Environment, each with its own connection strings.
In this scenario, the decision making workflow can involve (for example):
-
An Application requesting an authorization decision from the local PDP.
-
If Identity information is required, the PDP contacts the local PIP to retrieve Identity data from the local data sources.
-
The PIP data is returned to the PDP, which sends the decision back to the Application.
All communication is managed locally, increasing performance and security, protecting sensitive information, and decreasing latency.
To learn more about installing and deploying PAAs, click here.