In this morning's MS Identity Advisors session, MS provided a clear indication that they are planning to move towards a call-out model for on-demand Access Request integration with external systems. To get ahead of the curve on this, we could look at offering an extensible REST API endpoint in UNIFYBroker.
Typical usage would be:
Azure sends UNIFYBroker a request for user "bobsmith" asking UNIFYBroker for a certain attribute for that user (e.g. department number) or asking UNIFYBroker to provide an answer to a question (such as "is this user allowed to get access to resource X at the moment?"). UNIFYBroker responds and Azure uses that information to approve or deny an in-flight Access Request.
My suggested solution is that the request for user "bobsmith" (and/or "resource X") would map to an adapter record lookup, and the "answer" UNIFYBroker gives back would be the value of one or more fields for that matching record.
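
A sketch of the request-to-record mapping suggested above, as an added example that is not part of the original post and is not UNIFYBroker or Azure code. The request and response shapes, the field names, the exposed-field list and the allow rule are all assumptions made for illustration.

```python
from typing import Any

# Constructed sample adapter records keyed by user name (not real data).
ADAPTER_RECORDS = {
    "bobsmith": {
        "departmentNumber": "4021",
        "employeeStatus": "active",
        "entitlements": ["resource X"],
        "homeAddress": "constructed value",
    },
}

# Assumption: only fields explicitly published to the caller may be returned.
EXPOSED_FIELDS = {"departmentNumber", "employeeStatus"}


def handle_callout(request: dict[str, Any]) -> dict[str, Any]:
    """Answer one call-out; malformed or unmatched requests are denied."""
    user = request.get("user")
    wanted = request.get("fields", [])
    if not isinstance(user, str) or not user or not isinstance(wanted, list):
        return {"status": 400, "decision": "deny", "reason": "malformed request"}

    record = ADAPTER_RECORDS.get(user)
    if record is None:
        # Fail closed: no matching record is never treated as an implicit allow.
        return {"status": 404, "decision": "deny", "reason": "no matching record"}

    refused = sorted(f for f in wanted if f not in EXPOSED_FIELDS)
    if refused:
        # Reject the whole request rather than silently dropping fields.
        return {"status": 403, "decision": "deny", "reason": f"not exposed: {refused}"}

    response: dict[str, Any] = {
        "status": 200,
        "user": user,
        "fields": {name: record.get(name) for name in wanted},
    }

    resource = request.get("resource")
    if resource is not None:
        # Assumed rule: the user must be active and hold the entitlement.
        allowed = (record.get("employeeStatus") == "active"
                   and resource in record.get("entitlements", []))
        response["decision"] = "allow" if allowed else "deny"
    return response
```
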