Blocking access for an individual user to a specific SP

[Cantor, Scott]

> I realise that the v3 IdP and it's concept of flows is far more
> configurable/customisable than previous versions of the software but with this
> added flexibility comes complexity and abstraction.

Yes, I'm just saying this is one of the only common cases where it's a very self-contained feature and literally comes with an example included that does exactly what you asked about, so it really is just "add this config". Everything else is much more work in terms of learning curve. It was just a warning.

This for example is not a "flow" situation, because it's a thing we already provide, you're just turning on a feature whose "flowness" is really incidental to the outcome. Lots and lots of other questions tend to amount to "write a script" or actually "come up with a new flow" and I would expect most people to find that a whole other level of hard.

> 95% of configuration changes to a production IdP will be simple operations like
> modifying the attribute filter or adding metadata.

Certainly, though IMHO attribute filter rules are more complex than this feature is. People are just used to them.

-- Scott