Forum Discussion
AltostratusAPM as Saml IDP with many SP
Hi igorzhuk,
yes, that is possible. You can use one IdP for multiple SPs. You will just add another trust relationship between your IdP and the second SP. And add the new resource to the resource assign object in the Policy Editor.
Depending on the way your users authenticate against the IdP, you could for example use Active Directory groups for selecting which users will have access to which resource. Or maybe other attributes can be used (user domain if user authentices with mail address, attribute of a client certificate...)Take a look here: https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-saml-configuration/using-apm-as-a-saml-idp-no-sso-portal.html
KR
Daniel
MVPHi igorzhuk,
yes, that is possible. You can use one IdP for multiple SPs. You will just add another trust relationship between your IdP and the second SP. And add the new resource to the resource assign object in the Policy Editor.
Depending on the way your users authenticate against the IdP, you could for example use Active Directory groups for selecting which users will have access to which resource. Or maybe other attributes can be used (user domain if user authentices with mail address, attribute of a client certificate...)
Take a look here: https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-saml-configuration/using-apm-as-a-saml-idp-no-sso-portal.html
KR
Daniel
