Enable SAML for Apigee Edge Production Organizations!


Apigee Edge now supports authentication to the Edge UI and management API via an external identity provider. Refer to Securing Apigee Edge with an External Identity Provider.

We need the following information from you to enable the feature:

  • Preferred zone name
  • The SAML2 metadata URL for your IdP
  • The organization name for which you would like the feature enabled. Preferably, let's enable the feature for your "customer-nonprod" or "customer-test" organization as a first step.

We will send you back the Apigee Edge SAML2 SP metadata for the production environment.

After configuring Apigee Edge as a SAML2 SP, we will test the authentication.

Once setup completes, we will add your "customer-nonprod" organization to the zone and validate the Apigee Edge integration. From that point on, your "customer-nonprod" organization will only be accessible via SAML. The process can be rolled back in case we run into issues.

1. Migration to SAML2 requires that all management API calls use OAuth2 authentication (basic authentication with a username and password no longer works for a SAML-enabled organization). Section: Using SAML with the Edge management API.

2. Migration to SAML2 requires changes to automated deployments and CI/CD, since those scripts must obtain and use OAuth2 tokens. Section: Using SAML with automated tasks.

3. Migration to SAML2 also requires applying a simple patch to your dev portal to ensure that it uses OAuth2 to access the Edge management server. Section: Configure the Developer Services portal for SAML.
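As an added illustration of points 1 and 2 (this is not code from the post or from Apigee), the script below shows the shape an automated task such as a CI/CD deployment step takes once an organization is SAML-enabled: it exchanges a one-time SAML passcode for an OAuth2 access token, calls the management API with a Bearer token instead of basic authentication, and renews the token unattended with the refresh token. The login hostname pattern, the management API host and path, and the "edgecli" client credentials are assumptions drawn from Apigee's public documentation, not from this page; the HTTP transport is injectable, and the constructed fake transport lets the whole flow run offline here.

```python
"""Added example: OAuth2 Bearer flow for Edge management API automation after
SAML enablement. Hostnames, paths and client credentials are assumptions."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Assumed (from Apigee's public docs, not from this page): zone-scoped login host,
# management API host, and the public client credentials used by Apigee CLI tools.
LOGIN_HOST_TEMPLATE = "https://{zone}.login.apigee.com"
MGMT_HOST = "https://api.enterprise.apigee.com"
EDGE_CLI_BASIC = base64.b64encode(b"edgecli:edgeclisecret").decode()

# A transport maps (method, url, headers, body) -> (status, response_body).
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, bytes]]


def urllib_transport(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> Tuple[int, bytes]:
    """Real transport for a CI job; not exercised by the offline demo below."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def token_request(zone: str, form: Dict[str, str]):
    """Build the token request: client credentials in Basic auth, the grant in the form body."""
    headers = {
        "Authorization": "Basic " + EDGE_CLI_BASIC,
        "Content-Type": "application/x-www-form-urlencoded;charset=utf-8",
        "Accept": "application/json;charset=utf-8",
    }
    url = LOGIN_HOST_TEMPLATE.format(zone=zone) + "/oauth/token"
    return "POST", url, headers, urllib.parse.urlencode(form).encode()


def tokens_from_passcode(zone: str, passcode: str, transport: Transport) -> dict:
    """Exchange a one-time SAML passcode (obtained interactively once) for access and refresh tokens."""
    form = {"grant_type": "password", "response_type": "token", "passcode": passcode}
    status, body = transport(*token_request(zone, form))
    if status != 200:
        raise PermissionError(f"token request failed: HTTP {status}")
    return json.loads(body)


def tokens_from_refresh(zone: str, refresh_token: str, transport: Transport) -> dict:
    """Unattended renewal for long-running jobs: no passcode or user interaction needed."""
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    status, body = transport(*token_request(zone, form))
    if status != 200:
        raise PermissionError(f"refresh failed: HTTP {status}")
    return json.loads(body)


def list_proxies(org: str, access_token: str, transport: Transport) -> list:
    """Management API call with a Bearer token; Basic auth is rejected for a SAML-enabled org."""
    url = f"{MGMT_HOST}/v1/organizations/{org}/apis"
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json"}
    status, body = transport("GET", url, headers, None)
    if status == 401:
        raise PermissionError("management API rejected the credentials (expired token or Basic auth?)")
    return json.loads(body)


def make_fake_transport() -> Transport:
    """Constructed stand-in for the login server and management API, for the offline demo only."""
    issued = {"access_token": "demo-access-token", "refresh_token": "demo-refresh-token"}

    def transport(method, url, headers, body):
        if url.endswith("/oauth/token"):
            form = dict(urllib.parse.parse_qsl(body.decode()))
            creds_ok = headers.get("Authorization") == "Basic " + EDGE_CLI_BASIC
            passcode_ok = form.get("grant_type") == "password" and form.get("passcode") == "123456"
            refresh_ok = (form.get("grant_type") == "refresh_token"
                          and form.get("refresh_token") == issued["refresh_token"])
            if creds_ok and (passcode_ok or refresh_ok):
                return 200, json.dumps(dict(issued, expires_in=1799)).encode()
            return 401, b'{"error":"unauthorized"}'
        if "/v1/organizations/" in url:
            # Only a valid Bearer token is accepted; Basic auth on a SAML-enabled org gets 401.
            if headers.get("Authorization") == "Bearer " + issued["access_token"]:
                return 200, b'["weather", "orders"]'
            return 401, b'{"code":"unauthorized"}'
        return 404, b""

    return transport


def demo() -> Tuple[list, str]:
    """Full flow against the fake transport: passcode -> tokens -> API call -> refresh."""
    t = make_fake_transport()
    tokens = tokens_from_passcode("customer", "123456", t)
    proxies = list_proxies("customer-nonprod", tokens["access_token"], t)
    renewed = tokens_from_refresh("customer", tokens["refresh_token"], t)
    return proxies, renewed["access_token"]


if __name__ == "__main__":
    print(demo())
```

For a real job, swap `make_fake_transport()` for `urllib_transport` and feed the refresh token from the job's secret store rather than a passcode, since the passcode step needs an interactive browser login to the IdP; keep the access token out of logs and command lines, as it now carries the same privileges the basic-auth password did.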

Once you validate and confirm that the "customer-nonprod" organization works with the SAML feature enabled, you can migrate the scripts and dev portals accessing the production account to use OAuth2.

Once all scripts and developer portals accessing your production Edge organization have moved over to using OAuth2, we will migrate your production orgs to complete the rollout.

From then on, your Apigee Edge production organizations will be accessed via SAML.

Please file a support ticket to have the feature enabled or for any clarifications.

Thanks

Comments
abiramradhakris

What about Apigee On Premise with SSO SAML external integration with Azure/PING? The above notes are applicable to Apigee SaaS only.

Do we have any way to get the entitlement and custom or role details of a user (from the external IdP) using out-of-the-box features?

Last update: 03-14-2017 11:27 AM