SSO groups enable you to set up more than one service provider with generic metadata in a single tenant and add more than one application for the Secure Cloud Access IdP proxy. For example, you will need to create a group:

• If you have multiple accounts of a cloud type that provides a generic SP metadata file for SSO setup, and you want to create a login CAC for each account and set up policies for them. For example, Box provides metadata with the entity ID of box.net, no matter which Box account you need for setting up login CAC.

• If you must provide more than one set of SP and IdP metadata for the Secure Cloud Access IdP proxy, and you need unique entity IDs for each set of metadata.

  Each service provider you create must belong to an SSO group. Service providers you have already created will be assigned to a default group, which cannot be deleted. Any new service providers you create will also be assigned to this default group, until you create one or more new groups. For instructions to create a new SSO group, refer to Create a new SSO group.