AntoineD.34712 (Customer) asked a question.
Is it possible for a same IDP to differ SSO connexion method depending on the application ?
Let's say we have 2 application related to a single IDP 1, namely Application 1 (production application) and Application 2 (test application).
Would it be possible to have for Application A a SSO configuration using group_sync + group_set and for Application B group_sync only?
If we move from one methoed to another, it would be useful to be able to test it first on a non-production application to avoid any disturbance.
Hello @AntoineD.34712 (Customer) Thank you for reacting out to our Community!
Assuming I understood your issue correctly, you should be able to SSO into the application based on Group Statement Attributes aka sending specific groups during the SAML assertion which will give access to Application A or B based on what groups are beeing sent.
Please see our doc this matter:
https://help.okta.com/en-us/content/topics/apps/define-group-attribute-statements.htm
Please also see : https://developer.okta.com/docs/concepts/saml/
Community members help others by clicking Like or Select as Best on responses. Try it today.
Earn Today: New Okta Community Badges Have Arrived
Ask the Experts: Okta Device Access Product Team Now Thru 3/22