Additional Entity in IIS

Cantor, Scott cantor.2 at
Wed Nov 16 19:03:36 UTC 2022

Creating a content grouping with a different entityID does not require an override, but your goal isn't that, but to create a session boundary.

Using an override (with the same entityID frankly) will partition the session cache and transiting the boundary between applications will ignore any session not created by and associated with the overridden application ID.

If it's not heading back to the IdP, it's not using the override.

Of course, SSO is SSO. The only control an SP has over the IdP experience re: the UI is the ForceAuthn flag, which often won't do what you want anyway, but absent that there's nothing you can do to limit SSO.

-- Scott

More information about the users mailing list