I'm trying to get my head around some SAML concepts. We are implementing SAML support in our Django-based SaaS. According to my understanding, I have to implement a SAML Service Provider. There are ways to do this using, e.g., djangosaml2. Using djangosaml2 I can also map SAML user attributes to Django user attributes.
What I want to do, but have so far not found out how to, is limit a certain IDP to a certain group of users, so that I can map one IDP to one customer and only allow that IDP to log in as users belonging to that customer account. I'm guessing this should be a fairly standard setup and I'm missing something obvious, but what? How do I limit an IDP to be able to authenticate only a certain group of users?
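The per-customer restriction asked about above, sketched as an added example that is not part of the original post and is not djangosaml2 code: the customer is derived only from the entityID of the IdP that issued the signature-verified assertion, and the user lookup is scoped to that customer. The entityIDs, user store and function names are constructed for illustration, and wiring the check into the Service Provider's login handling is assumed to happen elsewhere.

```python
from dataclasses import dataclass

# Constructed sample data: IdP entityID -> the one customer it may assert for.
IDP_TO_CUSTOMER = {
    "https://idp.customer-a.example/metadata": "customer-a",
    "https://idp.customer-b.example/metadata": "customer-b",
}


@dataclass(frozen=True)
class User:
    username: str
    customer: str


# Constructed user store keyed by (customer, username): a lookup can never
# cross tenants, even if two customers have the same username.
USERS = {
    ("customer-a", "alice@a.example"): User("alice@a.example", "customer-a"),
    ("customer-b", "bob@b.example"): User("bob@b.example", "customer-b"),
}


class LoginDenied(Exception):
    """Raised when an assertion must not result in a session."""


def resolve_user(issuer: str, name_id: str) -> User:
    """Map a verified assertion to a local user.

    `issuer` must be the Issuer entityID taken from the assertion after
    signature validation, never from a request parameter or from an
    attribute the IdP itself supplies.
    """
    customer = IDP_TO_CUSTOMER.get(issuer)
    if customer is None:
        raise LoginDenied("assertion from unregistered IdP")
    user = USERS.get((customer, name_id.strip().lower()))
    if user is None:
        # Includes the case where the user exists, but under another customer.
        raise LoginDenied("IdP may not assert this user")
    return user


def is_allowed(issuer: str, name_id: str) -> bool:
    """Boolean wrapper around resolve_user for callers that only need a yes/no."""
    try:
        resolve_user(issuer, name_id)
        return True
    except LoginDenied:
        return False
```
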