In the 3scale admin portal a user can be either admin or member. Furthermore, a member can be assigned with certain rights.  At the moment, following rights are existing that can be assigned to the member by admin after s/he logs in via SSO: a) Developer Portal b) Billing c) Settings d) Accounts – Applications e) Analytics f) Integration & Application Plans g) Policy Registry

When an admin portal is integrated with SSO, the logged in users are members with no rights. Roles/attributes in SSO are not populated into the admin portal. Admins should assign the rights for each member individually. Members cannot be grouped under a category either (categories could have the proper rights).

Members cannot create backends or products either but they can be assigned with integration rights so that they can change an existing API.

In an organization there can be different departments and each department can be responsible for developing their own APIs. For example, the Cargo department might be responsible for developing cargo related APIs. Similarly there might be payment and flight related APIs developed by corresponding departments. In a scenario, where all APIs are to be exposed from a single Developer Portal, the existing access management falls short to satisfy the organization's needs as multi-tenancy wouldn’t solve the needs. Departments might want to create their own products in isolation and exploit the existing backends and products.

Following enhancements can be done with regard to admin portal access management and SSO integration:

• While integrating with SSO, certain users can be grouped under an account category/group to simulate the organization hierarchy in the company.
• Admin portal can populate the access management rights with the roles that are already existing in SSO.
• Each account category can be given the right to create  their products and backends which are currently not existing.
• Each account category can be given the read only right to the APIs and backends of other account categories so that they can create new products out of existing and view the product’s of other departments.