Self-Service SSO Migration - Reuse IdP across Workspaces?

Question

I have two questions about the new Self-Service SSO setup and migration. I have read the migration guide and watched the provided step-by-step video, but I find two items still not clear:

Can the same IdP connection be used for multiple workspaces (e.g. production and sandbox)? The instructions only talk about "To add a new IdP” but never talk about any ability to re-use an existing connection that is in use for another workspace. Is that possible?
If it is possible to use/share the same IdP connection across workspaces, then does LeanIX still recommend using different IdPs for production and sandbox (with two different Entra applications, one for prod and one for sandbox)?

Best answer by geoffrey.lowney

LeanIX says:

The short answer to the first question is a confirmed yes - you can reuse the same IdP across workspaces.

For question 2, we don’t require separate IdPs but the best practice is to have the two different (one Prod/one Sandbox). This is just a cleaner and safer approach.

geoffrey.lowney · Accepted Answer

LeanIX says:The short answer to the first question is a confirmed yes - you can reuse the same IdP across workspaces. For question 2, we don’t require separate IdPs but the best practice is to have the two different (one Prod/one Sandbox). This is just a cleaner and safer approach.

shreenithnaik · Answer

Glad you found the answer! ​@geoffrey.lowney

Sign-up for the LeanIX Community

Login to the community

Scanning file for viruses.

This file cannot be downloaded