Forum Discussion

Mike_B's avatar
4 years ago

Multiple IDP's

Hey Team,

Would it be possible to look at allowing multiple SAML/OAuth IDP's for SSO so we can allow multiple customers to utilize their own Azure AD to sign in to LM?  Currently it only allows a single IDP.



3 Replies

  • Last time I considered this, I ended up selecting OneLogin to resolve. I ended up not needing it, but I think it will do the job with domain matching used to select the correct SAML integration.  I do agree each client should have a separate SAML profile based on username (e.g., domain part of email address) without paying extra, but that is not possible as it stands.  I have been pushing as hard as I can for making MSP handling within LM be more comprehensive.


  • 5 minutes ago, Stuart Weenig said:

    AFAIK, the only way to do this is with child accounts (i think).

    With Exchange should get somewhat better, child accounts should improve.  I recommended in a recent UI/UX discussion that it be possible to keep modules in sync via Exchange across multiple child accounts. Without that, they become very painful to deal with. It also seems every year when we renew our agreement, features are disabled without notice on child accounts (I am currently devoting a bunch of coding time to detect that has happened after silently losing LMConfig the third year in a row -- that one in particular I can determine because /setting/configsources returns no results when it happens).

  • Anonymous's avatar

    AFAIK, the only way to do this is with child accounts (i think).