Apigee Edge now supports authentication to Apigee Edge via an external identity provider. Refer to "Securing Apigee Edge with an External Identity Provider".
We need the following information from you to enable the feature,
We will send you back the Apigee Edge SAML2 SP metadata for the production environment.
After configuring Apigee Edge as a SAML2 SP, we will test the authentication.
Once setup completes, we will add your "customer-nonprod" organization to the zone and validate the Apigee Edge integration. Your "customer-nonprod" organization will only be accessible via SAML at this point. The process can be rolled back in case we run into issues.
1. Migration to SAML2 requires that all management API calls use OAuth2 authentication. Section: Using SAML with the Edge management API.
2. Migration to SAML2 involves a change in automated deployments or CI/CD. Section: Using SAML with automated tasks.
3. Migration to SAML2 also involves applying a simple patch to your dev portal to ensure that it uses OAuth2 to access the Edge management server. Section: Configure the Developer Services portal for SAML.
Once you validate and confirm that the "customer-nonprod" organization works with the SAML feature enabled, you can migrate the scripts and dev portals accessing the prod account to use OAuth2.
Once all scripts and developer portals accessing your production Edge organization have moved over to using OAuth2, we will migrate your production orgs to complete the rollout.
Now your Apigee Edge production organizations will be accessed via SAML.
Please file a support ticket to enable the feature or for any clarifications.
Thanks
What about Apigee On Premise with SSO SAML external integration with Azure/PING? The above notes are applicable for Apigee SaaS only.
Do we have any way to get the entitlement and custom role details of a user (from the external IDP) using out-of-the-box features?