How do you handle a partially authenticated state when the inbound user is either missing attributes, or needs to select from multiple mapped accounts when accessing resources protected by ISAM or what is now IBM Security Verify Access.