Authentication flow steps may store arbitrary non-persistent key-strings pairs (= strings that are not stored in the IAM database) in the flow session. The key-string pairs are available in the identity propagation, i.e., they may be sent to back-end applications.
This article describes how to propagate key-string pairs using the Generic ID Propagator plugin.
The possibility to store arbitrary non-persistent string values in the authentication flow session has originally been implemented for attributes extracted from SAML assertions (IAM as SAML SP). Future IAM flow steps, as well as custom code, may store other string attributes in the authentication flow session.