alt Hacker NewsWhat is the extra stuff that is provided compared to OIDC? I was implementing some of this stuff recently, and for my use case (who is this user? Do they have permission to use this application? Which parts of the application are they allowed to use?) OIDC seemed to cover everything, so I'm pretty curious if I missed some functionality that SAML provides.
Creating the user in your application before first logon.
Removing the user from your application immediately and not when their session eventually expires.
Doing those things in batch.
Querying that data at will to produce reports.
Updating a users group membership when needed and immediately and not when you decide to do so.
And then you only need an opaque userid from me and not a fat OIDC token that knows everything about my internal structure.