When a BIG-IP® system is configured as a SAML service provider (SP), you can use SAML identity provider (IdP) automation to automatically create new SAML IdP connectors for SP services. Access Policy Manager® (APM®) polls a file or files that you supply; the files must contain cumulative IdP metadata. After polling, APM creates IdP connectors for any new IdPs and associates them with a specified SP service. APM uses matching criteria that you supply to send the user to the correct IdP.
Here is an example in which SAML Identity Provider (IdP) automation is especially useful. A large service provider (SP) supports a number of SAML identity providers. The service provider defines a SAML SP service on Access Policy Manager® (APM®) for access to that service. As IdPs come online, the service provider collects metadata from them and aggregates the IdP metadata into a file.
APM polls the metadata file, creates IdP connectors, associates new connectors to the specified SAML SP service, and ensures that clients performing SP-initiated access are sent to the correct IdP.