IdP discovery
IdP discovery can also be called IdP routing rules, which might be a more telling name. With these routing rules, end users can be routed to different IdPs depending on the context. The context can be, in this case, device-related, IP or network zone-related, or simply looking at the email subdomain. Rules can be set for each identity provider or combinations of user criteria. The rules are set in a hierarchy, and if there is more than one rule that matches the current situation, the topmost will be used. Let’s look into how to set this up.
The first prerequisite is that at least one IdP needs to be set up. Navigate to Security | Identity Providers. If you don’t have any set up, go back to the beginning of this section to set one up. Even without an additional IdP, you can still set up routing rules for networks, and if you have the IWA agent installed, you can set up rules for DSSO. The same goes for ADSSO. For both, an inactive rule is created once...