robot access to SP website

Cantor, Scott cantor.2 at
Wed Jun 23 14:27:46 UTC 2021

On 6/23/21, 10:18 AM, "users on behalf of Peter Schober" <users-bounces at on behalf of peter.schober at> wrote:

>    Or the application (enforcing step-up authentication with a different
>    authentication request sent to the IDP)?

I suppose, but outside of federated cases where there are really two organizations so the IdP can't be expected to do it (*), I think it usually makes for a better user experience to just deal with it at the IdP. It's also trading potentially N really complex configurations for 1 perhaps more complex configuration at the IdP.

-- Scott

(*) And federated scenarios don't tend to discriminate by type of user anyway because user "type" isn't very interoperable, i.e. the affiliation problem.

More information about the users mailing list