SharePoint Federation with external IDP (SAML 1.1)

Hi

    I'm looking at federating an external vendor to our company SharePoint site. The challenges/features I'm working with are listed below. I'm wondering if anyone has any solutions or experiences to share:

    1. We do not want to manage the user creation for various users who already authenticate at the external vendors' site (Vendor acts as IDP).
    2. The vendor provides multiple levels of access to each vendor-employee, so that the same person may log in with a more secure or a less secure means (an authenticationStrength is passed with the SAML 1.1 Assertion).
    3. The subject identifier used is the vendor-employee's email address.

    We are able to provide one level of access after creating shadow accounts for each vendor employee in our Active Directory. We want to be able to at least give varying levels of access driven by authenticationStrength, and if possible eliminate the need for shadow accounts.

    Any suggestions...?
    Monday, December 1, 2008 11:21 PM
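One way the relying party could consume such an assertion, as an added example that is not part of the original post: a Python routine that checks the SAML 1.1 validity window and audience, takes the email-format NameIdentifier as the subject, confirms the attribute statement refers to the same subject, and maps the vendor's authenticationStrength attribute to a site group. The audience URI, attribute namespace, strength-to-group mapping and the sample assertion are all constructed for this demo; verifying the XML signature against the vendor's certificate is assumed to happen before this code runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}  # SAML 1.1 uses the 1.0 assertion namespace
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_AUDIENCE = "urn:example:sharepoint"  # assumed audience URI of the SharePoint relying party
STRENGTH_TO_GROUP = {"1": "Visitors", "2": "Members", "3": "Owners"}  # assumed strength -> group mapping

# Constructed sample assertion for this demo, not a real vendor message
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
 AssertionID="_constructed" Issuer="https://idp.vendor.example" IssueInstant="2008-12-01T23:00:00Z">
 <Conditions NotBefore="2008-12-01T23:00:00Z" NotOnOrAfter="2008-12-01T23:10:00Z">
  <AudienceRestrictionCondition><Audience>urn:example:sharepoint</Audience></AudienceRestrictionCondition>
 </Conditions>
 <AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2008-12-01T23:00:00Z">
  <Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@vendor.example</NameIdentifier></Subject>
 </AuthenticationStatement>
 <AttributeStatement>
  <Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@vendor.example</NameIdentifier></Subject>
  <Attribute AttributeName="authenticationStrength" AttributeNamespace="urn:example:vendor"><AttributeValue>2</AttributeValue></Attribute>
 </AttributeStatement>
</Assertion>"""

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate_assertion(xml_text, now):
    """Return (email, group) for an acceptable assertion, else raise ValueError. Signature assumed already verified."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("missing Conditions or outside validity window")
    if EXPECTED_AUDIENCE not in [a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]:
        raise ValueError("assertion not intended for this relying party")
    nameid = root.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if nameid is None or nameid.get("Format") != EMAIL_FORMAT:
        raise ValueError("subject is not an email-format NameIdentifier")
    email = nameid.text.strip().lower()  # normalise before using it as the account key
    attr_subject = root.findtext("saml:AttributeStatement/saml:Subject/saml:NameIdentifier", namespaces=NS)
    if attr_subject is None or attr_subject.strip().lower() != email:
        raise ValueError("attribute statement subject differs from authenticated subject")
    strength = None
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("AttributeName") == "authenticationStrength":
            strength = attr.findtext("saml:AttributeValue", namespaces=NS)
    group = STRENGTH_TO_GROUP.get(strength)
    if group is None:  # unknown or missing strength gets no access rather than a default level
        raise ValueError("unknown or missing authenticationStrength: %r" % strength)
    return email, group
```

Because the group is derived from the assertion on every login, a vendor employee who authenticates with a weaker method gets the lower group without any change to accounts on the SharePoint side.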