...
Understanding SP-initiated Authentication as it Relates to Apica SSO Login
The following diagram further explains the roles of the Service Provider (SP), User-Agent, and Identity Provider (IdP) in the ASM SSO login process when SP-initiated authentication is used. Here, Apica is the Service Provider, and it configures both the SP and the target assets.
Note |
---|
These target assets have no access controls on them (just an association to ASM), so the access controls and rules are set on the IdP side. |
User Role: List of User Roles in ASM to associate with the Identity Provider Role.
Monitoring Groups: List of Monitor Groups in ASM to associate with the Identity Provider Role.
Co-Owned Monitoring Groups: List of Monitor Groups for the Customer’s Power User Role to associate as co-owner with the Identity Provider role.
The browser (an HTTP user agent) is the User-Agent.
The IdP is the Identity Provider that identifies the IdP Role / Group and the levels of access/permissions they are allowed
...
.
Their relationship and communications are illustrated here (this illustration is an annotated excerpt from the SAML 2.0 Wikipedia article):
...
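The first leg of the SP-initiated flow described above, as an added example that is not Apica's code: the SP builds a SAML 2.0 AuthnRequest for the HTTP-Redirect binding, the User-Agent carries it to the IdP, and the SP later accepts only a response whose InResponseTo matches a request it issued. All URLs, entity IDs and function names are hypothetical placeholders.

```python
import base64, secrets, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical placeholder endpoints (assumptions, not Apica's real values).
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/sso/acs"
IDP_SSO_URL = "https://idp.example.test/sso/redirect"
pending_requests = set()  # request IDs the SP has issued and not yet consumed


def build_redirect(relay_state, issue_instant="2024-01-01T00:00:00Z"):
    """SP side: return (request ID, URL the browser is redirected to)."""
    req_id = "_" + secrets.token_hex(16)  # xs:ID must not start with a digit
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0", "IssueInstant": issue_instant,
        "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(ET.tostring(req)) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    pending_requests.add(req_id)
    return req_id, f"{IDP_SSO_URL}?{query}"


def idp_read_request(url):
    """IdP side: recover the AuthnRequest the User-Agent delivered."""
    qs = parse_qs(urlparse(url).query)
    # Real deployments should parse untrusted XML with a hardened parser.
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)
    return {"id": root.get("ID"), "acs": root.get("AssertionConsumerServiceURL"),
            "issuer": root.findtext(f"{{{SAML}}}Issuer"),
            "relay_state": qs["RelayState"][0]}


def sp_accepts(in_response_to):
    """SP side: a response is tied to exactly one outstanding request."""
    if in_response_to in pending_requests:
        pending_requests.discard(in_response_to)  # single use, blocks replay
        return True
    return False
```

Signature and assertion validation of the IdP's response are outside the scope of this example.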