I’m trying to restrict the SAML assertion based on an authorization policy, but it looks like that approach is not working as expected.
Added a policy set
Added the SP entity ID to the URL list
Added a subject condition that if the user is not part of the group
Although the user is not part of the group, the IdP-initiated call is still giving the SAML response.
Not sure if this is the right approach. Can someone please suggest other options to get this, or please point me to whether something can be changed to get this solution working?