I've looked at the case example for the Faros mlti-tenent embedded app, and the docs for the SSO with JWT however I'm still unclear how those two can go together in the scenario where our som eof our multi-tenants have their own IdP for SSO to our app. HOw does that work, or can it work, where clients have their own IdP which is not the one configured in Metabase, which is for our own employees?
In Metabase the IdP is just one, so on your end you need to authenticate the users on their respective IdP's (this is done on your app) and then to Metabase send the signed JWT which Metabase will accept and create the user on the fly. Metabase does not redirect the user to the IdP, but rather accepts the signed JWT that comes from your app
thanks for explaining that ... so that relates to creating users in metabase. So let's say the user is already created and clicks on the embed link on their site in our platform ... this is what the doc says
"Retaining the original /question/1-superb-question URI, Metabase redirects the person to the SSO provider (the authentication app)."
But what you're saying is it doesn't actually do a re-direct to the IdP ...