On-demand administrators can configure authentication settings for a third-party identity provider that supports SAML2. In this model, an on-demand user attempts to log in to SBM and is redirected to a third-party identity provider, which attempts to authenticate the user. Upon successful authentication, the user is redirected back to SBM and silently logged in with the identity that the third-party identity provider has sent back. For setup details, refer to Configuring Authentication Settings.