Manage Federation Broker Mode

Federation Broker Mode allows Single Sign-On (SSO) without pre-assigning apps to specific users. Access is controlled only by each app’s sign-on policy and authorization rules. This mode can improve import performance and can be especially helpful for Customer Identity and Access Management (CIAM) orgs with many users or apps.

Federation Broker Mode isn’t supported for API Services app integrations.

Federation Broker Mode is best used in the following scenarios:

  • CIAM scenarios with many users, no End-User Dashboard, no SCIM provisioning requirements, and/or custom OIDC/SAML apps

  • Implementations with millions of users, where you want to add existing groups of users to applications

  • When app user profiles reach or exceed 50 million (due to either 50,000+ users and 1,000+ apps, or 500,000+ users and 100+ apps)

If you have many group assignments, enabling or disabling Federation Broker Mode can consume substantial processing resources and take a significant amount of time to complete.
