robot access to SP website

Cantor, Scott cantor.2 at
Wed Jun 23 13:52:35 UTC 2021

On 6/23/21, 9:32 AM, "users on behalf of Jerry Shipman" <users-bounces at on behalf of jes59 at> wrote:

>    I can think of other semi-reasonable use cases in which the capability to do this in the SAML would make
> sense, though. e.g.: "administrative users [in this given group or role] have to MFA, but end users can do
> whatever" or "students and employees have to MFA, but alumni can do whatever". 

How could the SP know which is which when it doesn't know who the user is before they've already logged in? That doesn't really work. Those kinds of rules are handled by the IdP generally.

-- Scott

More information about the users mailing list