Manage SSO user access in Aha - not from IdP

Who would benefit?

Aha Admins, IT teams

What impact would it make?

Simplify user management

How should it work?

Currently, if I have SSO on my idea portals then employees can access any portal that the SSO is connected to. I am not able to, say, allow "all employees" to access the internal employee idea portal but limit "passed the training" access to a secondary customer-facing portal.

Also, currently I can't both have SSO and "gatekeep" access based on folks passing a training - if I did want to limit access, I would have to burden my IT team and bottleneck my process by managing access in the IdP.

In other words, just because I want to use SSO for authentication does not mean I want to manage access permissions through that IdP. Like the admin side, I want to be able to specify permission to access from the Users page of each Idea Portal.