IDP Routed SaaS Applications

Use IDP routing capabilities in your Identity Provider to enforce Banyan Policies on your SaaS applications

  • Updated on Mar 22, 2022

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

This topic details IDP Routed authentication to secure your SaaS apps. In this technique, the SaaS Application is configured for SAML/OIDC authentication using your Identity Provider, and your Identity Provider is configured to federate to Banyan’s TrustProvider component. Zero Trust policies are defined for the groups of SaaS applications that you route via IDP Federation logic. You can also configure Banyan Federated authentication to secure your SaaS apps.

How It Works

The diagram below provides a conceptual overview of how you can use Banyan, via Identity Federation, to enforce Device Policies on SaaS Apps.

In the Normal Single-Sign-On flow, your SaaS Application redirects to your Identity Provider to authenticate the user.

In the IDP-first authentication flow, you configure your Identity Provider to federate authentication requests to Banyan’s TrustProvider component. Because Banyan is now in the authentication flow, it is able to enforce Zero Trust security policy.

The step-by-step flow is detailed in the diagram below:

Identity Provider Setup Guides