|
|
|
|
|
|
by nickmyersdt
1158 days ago
|
|
|
Yeah, we're looking at webhook type solutions but that puts the clever stuff "outside the box" which we're paying for. Okta's group rules do exactly what we want but we can't do the multi-tenant stuff and it doesn't do the SAML Federation side of things. The SAML Federation one is where all the modern SaaS fall short. Its still SAML but it involves: All the metadata for 100s of IDPs being downloaded and made available to enable Publishing the SP metadata to the federation(s) which may involve fees. Specific rules around metadata (attributes) being released and adhered to. And if your directory insists on having an email addresses for a user, that might be an issue. There's a reason why Higher Education businesses have cropped up around doing SAML Federation. I have had a trial of FusionAuth, and it was great, just didn't solve enough of our pain points to justify a migration. |
|
|
Sounds like the SAML federation is pretty education focused, so maybe FusionAuth isn't a good fit. Maybe something more open source like Shibboleth would help? Seems like a tough spot, hope you find something.
I went to a talk by Heather Flanagan[0] about how the browser third party cookie changes are going to impact the education space, and the education sector does have some special requirements.
I will say that we do sometimes move items on our roadmap around and can prioritize certain features. This requires a customer to commit to contract of a certain size, of course. Our sales people would love to chat if this is you :) .
0: https://www.youtube.com/watch?v=7L4Atm9FEBw