SSO can be enabled or disabled for specific Child Organizations that exist under a Parent Organization within AppNeta SaaS allowing you more control on which Organizations SSO Users can be a part of.
A User with the Organization Admin role can Enable, Disable and Edit SSO Membership for the Child Organizations by following these steps:
1. In your Organization, go to Manage Identity Providers from the gear drop-down:
You will see your SSO Identity Provider Configuration appear on the screen, from here you can disable (or enable) and edit the SSO configuration for your Organization.
***NOTE*** If you wish to remove a Child Organization's membership to a SSO connection, you must disable the SSO Connection from this screen before proceeding.
For our example, our test organization below:
2. In the small cog wheel icon, click on Edit:
3. From the menu which pops up you can enable/disable which child orgs also are part of the SSO configuration with the Checkboxes:
4. Click Save to submit the Organization membership changes in the SSO connection.
If you disabled the connection earlier to remove a child organization, do not forget to re-enable it!!
By default when a Child Organization is selected the SSO User will gain access to ALL of the selected Organizations. If you wish to restrict Org Access via SSO you will need to add a custom assertion called orgNames and specify which Org they should be a member of by passing the desired org name.
The specifics for this are highlighted in our TechDocs page for SSO under Organization Access: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/appneta/GA/appneta-overview/system-administration/single-sign-on.html