Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses things like scim connectors to do this.
Another approach from today would be to pass a scim event to the remote provider which then decides what needs to be done to facilitate the things you describe.

IOW, either the idp (sender) or the sp (receiver) has a provisioning system to do this. The solution and the simplicity depends on where the control needs to be.

Phil

> On Apr 5, 2016, at 18:59, Hardt, Dick <d...@amazon.com> wrote:
>
> Use case: An admin for an organization would like to enable her users to
> access a SaaS application at her IdP.
>
> User experience:
> Admin authenticates to IdP in browser
> Admin selects SaaS app to federate with from list at IdP
> IdP optionally presents config options
> IdP redirects Admin to SaaS app
> Admin authenticates to SaaS app
> SaaS app optionally gathers config options
> SaaS app redirects admin to IdP
> IdP confirms successful federation => OIDC / SAML and SCIM are now configured
> and working between IdP and SaaS App
>
> Who else is interested in solving this?
>
> Is there interest in working on this in either SCIM or OAUTH Wgs?
>
> Anyone in BA interested in meeting on this topic this week?
>
> — Dick
> _______________________________________________
> scim mailing list
> s...@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth