Applies To: BIG-IP APM 12.1.6
Using BIG-IP® IdP Automation
Overview: Automating SAML IdP connector creation
When a BIG-IP® system is configured as a SAML service provider (SP), you can use SAML identity provider (IdP) automation to automatically create new SAML IdP connectors for SP services. Access Policy Manager® (APM®) polls a file or files that you supply; the files must contain cumulative IdP metadata. After polling, APM creates IdP connectors for any new IdPs and associates them with a specified SP service. APM uses matching criteria that you supply to send the user to the correct IdP.
When would I use SAML IdP automation?
Here is an example in which SAML Identity Provider (IdP) automation is especially useful. A large service provider (SP) supports a number of SAML identity providers. The service provider defines a SAML SP service on Access Policy Manager® (APM®) for access to that service. As IdPs come online, the service provider collects metadata from them and aggregates the IdP metadata into a file.
APM polls the metadata file, creates IdP connectors, associates new connectors with the specified SAML SP service, and ensures that clients performing SP-initiated access are sent to the correct IdP.
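Because APM creates a connector for every new IdP it finds in the polled file, the aggregated file is worth vetting before it is published. The following is an added example, not F5 code: it assumes the file is a standard SAML 2.0 aggregate (`EntitiesDescriptor`), and the function name `review_new_idps`, the `known_entity_ids` set and the sample entities are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of an aggregated IdP metadata file (not from the page).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp-a.example.com/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Location="https://idp-a.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.com/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Location="http://idp-b.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def review_new_idps(xml_text, known_entity_ids):
    """Return {entityID: [findings]} for IdPs that have no connector yet."""
    # For files from parties you do not control, prefer a hardened parser (defusedxml).
    root = ET.fromstring(xml_text)
    report = {}
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        entity_id = ent.get("entityID")
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is None or entity_id in known_entity_ids:
            continue  # not an IdP entry, or already known
        findings = []
        has_cert = any(
            k.get("use") in (None, "signing")
            and k.find(".//ds:X509Certificate", NS) is not None
            for k in idp.findall("md:KeyDescriptor", NS))
        if not has_cert:
            findings.append("no signing certificate")
        for sso in idp.findall("md:SingleSignOnService", NS):
            loc = sso.get("Location", "")
            if not loc.startswith("https://"):
                findings.append("SSO endpoint not HTTPS: " + loc)
        report[entity_id] = findings
    return report
```

An empty findings list means the new entry passed both checks; any other entry should be reviewed before the file is made available for polling.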