Talk about a loaded subject line.... Are there any other communities out there who are acting as a service provider, and allowing their end customers to bring their own SSO / IDP into the mix?
Example: We utilize OKTA and act as an SP - I'm starting to test with a few customers (companies) to let them bring their own IDP into Community. This way if Company XYZ utilizes OKTA or another solution, their end users can simply click the "Anaplan Community" tile on their end and never have to worry about the actual act of logging in/registering in our Community - it happens behind the scenes via JIT.
The reason for me asking is.... What gaps am I going to run into down the road? Has anyone tried to set this up for 100+ customers, and if so, what's that like from a maintenance / support standpoint? Have you seen any benefits in actually offering this to all customers, select customers, etc?
TLDR; Am I an **bleep** for attempting this? 🤣
BYOIDP - I think it's a really interesting idea that could remove quite a bit of friction for line-of-business users in the enterprise.
Core concerns off of the top of my head:
- What happens if a company decides to remove the integration from their stack due to security concerns? All of those accounts get orphaned and users have to re-register?
- Users lose access to their account history (posts, rewards, reputation) when they leave a company
Please post back with your findings if you go forward with the plan. I'd love to hear how it goes.
We're far from a solution that Stan described, only allowing multiple ways to register and log in. But to address one of your concerns: What we've done is allow users to connect multiple ways to log in to their account. They can use the corporate SSO and also connect with FB or Google or even use a native community login. Therefore, an IDP is in place.