Regarding #5, “Is federating to the identity provider of companyx an option? Is it required?”
What I meant was,
Does companyX have their own identity provider, and you need to validate the user@companyX.com’s identity against their own identity provider? For example, CompanyX users sign in using their active directory, and you need to validate the identity against their active directory (not yours).
This has some advantages in your scenario,
- CompanyX users don’t have to remember a new password
- You are off the hook managing the identities for CompanyX users - say user@companyX quits, you don’t have to worry about disabling their account
- CompanyX can enforce their security policies on user@companyX
Did you get a chance to see the delegated administration link I posted earlier?
Sahil