You have trusted an identity provider.
For more information, see Trusting an Identity Provider.
You have configured the system to allow any service users for the Transient name ID format.
Identity federation with the type Service Users enables authenticated users that do not have personal accounts on the AS ABAP to access your system. With this configuration, multiple users are logged on with one service user account because the service provider does not care about the identity of the logged-in user. This many-to-one user mapping is done with rules that use the information provided in the assertion attributes.
You negotiate with the administrator of the identity provider to determine what kind of SAML 2.0 attributes you require. You determine how these attributes are mapped to service users in your system, while the identity provider handles the management of the users and their authentication, without your intervention.