Is it possible that when authentication with SAML is successful, it triggers a process or a rule where any type of logic can be applied using the user's information?
Discussion posts and replies are publicly visible
That is not supported. What are you trying to do?
I want to control which user is created on Appian, not all user that exist in IDP has role to access application in Appian. Therefore, IDP response success but if I check the roles, there will be no role in Appian for them, therefore I do not want to create that user automatically. Same for group, I do not want to create group automatically without a validation for my side.
Why don't you control the management of Users/Roles in Appian using some LDAP Synch (or equivalent), and keep the authentication aspect (SAML) separate? That is: treat them as two separate problems. I assume you'd want to deactivate users who have bene deactivated in your IDP, and change their roles as they change in the IDP...so implement something that manages user accounts in Appian and use SAML purely for authentication purposes.
This is so confusing. Can you help clarify, give context and share details?