A slight change went live this week - it should now be possible to use SAML single sign-on (SSO) even if you are using an IdP aggregator (as long as your IdP aggregator supports this). If SSO already works for you, you can stop reading now.
The change is a new checkbox in SSO settings which when checked allows IdP aggregators to recognize which domain they are receiving a SAML request from. Quoting from the help page: "How do provider names work? The provider name is included in the SAML request to the IdP (Identity Provider). You can choose whether to include a standard or specific provider name. When multiple domains are using SSO with the same IdP aggregator, a specific provider name can be parsed by the IdP aggregator to identify the correct domain name for the SAML request. If you don't check the box to enable a domain specific provider name, Google will send the standard provider name (google.com) in the SAML request. If you check the box to enable this feature, Google will send a provider name specific to your domain (google.com/a/your_domain.com), where 'your_domain.com' is replaced with your actual domain name." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
