robot access to SP website
cantor.2 at osu.edu
Wed Jun 23 13:52:35 UTC 2021
On 6/23/21, 9:32 AM, "users on behalf of Jerry Shipman" <users-bounces at shibboleth.net on behalf of jes59 at cornell.edu> wrote:
> I can think of other semi-reasonable use cases in which the capability to do this in the SAML would make
> sense, though. e.g.: "administrative users [in this given group or role] have to MFA, but end users can do
> whatever" or "students and employees have to MFA, but alumni can do whatever".
How could the SP know which is which when it doesn't know who the user is before they've already logged in? That doesn't really work. Those kinds of rules are handled by the IdP generally.
More information about the users