WSS customer is providing the Web Gateway services to their subsidiaries and working like a service provider.
When activating multiple tenants and adding the same administrators to multiple tenants, an error is reported indicating that the email address is not unique. The same administrator email addresses should be used to login to each tenant.
Current Portal limitation requires a unique email address per tenant.
WSS product team currently looking into option of handling multiple admins with same email address across multiple tenants.
WSS Portal administration
Local (not federated) logins to Portal
A few different options can exist:
1. create an email alias for the admin users so that we can assign one per tenant (approach we currently went with)
2. use email plus addressing - Plus addressing means any email sent to [email protected] is still sent to your account. You can have a lot of variations on your email address to give out to different people, sites, or mailing lists.
3. implement federation on the WSS Portal. In this scenario, we can create a logical email address per tenant and configure the SAML IDP server to send that logical email back via a SAML assertion after logging into the IDP server using the corporate credentials. This will involve populating the IDP user store/directory with multiple email addresses per tenant; and setting up multiple SAML SPs (for each WSS tenant) on the SAML IDP server and injecting the appropriate email address in assertion destined for that SAML SP.
The WSS Product team is looking at scoping out this feature with the plan to include it in a future upgrade.