As a customer of Alfresco ECMPaaS, I want to be able to use Alfresco without a sharing an authentication directory between Alfresco and my IdP which would require a VPN tunnel. When a user is disabled in my IdP, I want that user to also be disabled in Alfresco.
- Configure an Alfresco instance to use SAML with an IdP
- Do not configure Alfresco to access the authentication directory behind the IdP
- Create a user in the IdP.
- Log into Alfresco with that user (should be created automatically per
- Disable the user in the IdP
- In the Alfresco user browser, the user appears as disabled
- The user cannot log into Alfresco directly
- SAML provisioning of users must not break the authorized users count used to verify license compliance.
- This should work in roughly the same way as automatic provisioning of users via LDAP currently works.
- Question: Does SAML support this use case?