You have trusted an identity provider.
For more information, see Trusting an Identity Provider .
Identity federation with the type Virtual Users enables you to provide authenticated users with access to your system without needing to know specific details about those users. You negotiate with the administrator of the identity provider to determine which SAML 2.0 attributes you require. You determine how these attributes are mapped to user attributes, groups, and roles in your system, while the identity provider handles the management of the users and their authentication, without your intervention. The users exist on your system in memory only for as long as the user is logged on.
The User ID Mapping Mode value is set to Logon ID by default and cannot be changed.
You can also use this field to configure any realms or domains for the name ID formats E-mail , Windows Name , and Kerberos , or to restrict the scope of the trusted providers. For example, you can allow user IDs ending with sap.com and ban all others.
For example, if the service provider receives user IDs with the name John, then a prefix or a suffix to this user ID will make the ID unique. That way the service provider will know which trusted provider to authenticate.
These attributes provide the basis for the temporary user on the service provider. Attributes marked as mandatory must be present and have values. Otherwise the service provider rejects the entire authentication attempt. The service provider does not create the temporary user account without the mandatory values. You can also create a mapping between SAML attributes, roles, and groups or predefine the roles and groups to which temporary users belong.
For more information, see the following:
For more information about configuring an identity provider, see the documentation supplied by the identity provider vendor.