We have a single web app that we provide to various enterprise clients. In our system each enterprise client has their own group which contains basic settings for that group as well as a specific sub-domain for that group. All users in our app are associated with a particular group.
(Example: pepsi.MYAPP.com, cocacola.MYAPP.com.
If a Pepsi user logs in at cocacola.MYAPP.com, it will work because it always loads main.MYAPP.com and displays the appropriate settings.)
It works so that no matter what URL a user logs in at, we recognize the user by their e-mail and serve up the app settings according to the 'group' to which they are assigned. Some of our enterprise clients use SAML 2.0. Our ASP MVC app is hosted in Azure.
1) Would your product allow us to implement SAML 2.0 for different Groups?
2) Once we install your product, is configuring SAML for each Group relatively easy / simple?
3) Could my Admins configure the SAML settings on a Group Profile Settings page without having to hard-code anything under the hood?
4) We use Gonative.io to provide native apps which use our existing HTML websites. When users log in with SAML, would they momentarily leave our app and launch the browser, and then return to our app once authenticated?
I'm not exactly sure how it would work but here is my idea:
If a user enters their e-mail address, we would immediately recognize which group they belong to, hide the password field, and say "single-sign-on enabled" with a continue button that would bring them to the SSO page and then return them to our app once authenticated.
(See how Dropbox does this here: https://auth0.com/docs/saas-apps)