Thanks for the answer. In our case, we have AD FS deployed in our environment. Prognosis will be the SP and our existing AD FS will be the IdP. The user identity asserted to Prognosis will be the user's userprincipalname (or some other directory name attribute). I see mention of Forgerock OpenAm in the security documentation. Is OpenAm a requirement for SAML SSO to Progress, or can existing infrastructure be used with no additional software?