Hi All, I was looking into the $subject and found some blockers.
Authenticating a user can be done using AuthenticationAdmin service in IS without requiring the tenant admin's credentials. But in order to fetch the roles of the user (we need them in PGA) or create a new user account or update current user's information we have to invoke RemoteUserStroreManager service and according to what I found this can only be invoked providing tenant admin's credentials.
