WSO2 Identity Server SaaS App

If you create a service provider in a tenant, that service provider is accessible only within that tenant. If you want to give access across all the tenant domains, you can tick “SaaS Application”.

But that is not enough. You have to pass the tenant domain inside the SAML authentication request when you try to log in. Otherwise the server treats it as a new user trying to log in to the super admin domain.

To avoid this, you can tick the following options:

Use tenant domain in local subject identifier

Use user store domain in local subject identifier