Manage Federation Broker Mode

Federation Broker Mode allows for Single Sign-On (SSO) without the need to pre-assign apps to specific users. Access is managed only by the sign-on policy and the authorization rules of each app. This mode can improve import performance and can be especially helpful for Customer Identity and Access Management (CIAM) orgs with many users or apps.

Federation Broker Mode is best utilized in the following scenarios:

  • CIAM scenarios with a large number of users, no end-user dashboard, no SCIM provisioning requirements, and/or custom OIDC/SAML apps

  • Implementations with millions of users, where you want to add existing groups of users to applications

  • When app user profiles reach or exceed 50 million (due to either 50,0000+ users and 1,000+ apps, or 500,000+ users and 100+ apps)

If you have a large number of group assignments, enabling or disabling Federation Broker Mode can consume substantial processing resources and take a significant amount of time to complete.