Thanks @StuartRogers for this detailed new feature, a much needed addition to the authentication gameplay with Viya! In the case of SAML Authentication to SAS Logon, a next step would be to have an option to disable the back-end LDAP queries between the Identities Micro-service and the LDAP Directory server when you choose to pre-populate the user/group information cache asynchronously using the Viya CLI identities plugins (link).

In modern Enterprise Information Systems, with 12-factor apps, RESTful HTTP APIs instead of connection-based protocols and SSO authentication methods replacing direct form-based queries, it becomes really difficult to justify the need for a direct exposure of sensitive LDAP information to application interfaces like SAS. Security rules now generally prohibit synchronous LDAP queries for general application purposes like cache Group info provisioning. Being able to interpret the group scope part of the SAML (IDP) response token, for instance, is often a prerequisite for new in-house developments.