Hi Ralf,
the IdP manages user authentication, but we cannot limit the access at this level.
For example, if my user, user1, authenticates with SAML, I should also have a valid PAM Session and sssd service in the system, in order to get the groups associated with (e.g. group1, group2).
If group1 is set in the property auth-required-user-group in /etc/rstudio/rserver.conf, I should get access to RStudio. If not, access should be denied.
Our IdP returns the NameID, matching the user's account username in the local system.
So, I expect access would be regulated through this property in /etc/rstudio/rserver.conf, even if I use SAML.
Thank you again, best regards
Andrea