WSO2 Identity Server SAAS App
If you create a service provider in a tenant , that service provider can be accessible within only that tenant. But if you want to give access accross all the tenant domains.
You can add tick “SaaS Application”
But that is not enough. You have to pass the tenant domain inside the authentication saml request when you trying to log. Otherwise it will consider a new user trying to log into super admin domain.
To avoid this you can add ticks for
Use tenant domain in local subject identifier
Use user store domain in local subject identifier