thijskh
commented
2 years ago It depends a bit on where this information originates, i.e. how could the authproc know which users to trigger it for and which not. Maybe you can add a feature that only tiggers sfo if some state var is set, and use another auth proc (or core:PHP) to set this state var for the users that you require it for?
Currently SFO can be enabled for the entire IdP, or for specific SPs. I would like to enable it for a subset of users/groups for a specific SP first. Is there a way to have this more fine grained control?