CA SSO (as of 12.52 SP1) does not allow multiple partnerships for a single IdP entityID to be active at a time.
Unable to create multiple unique configurations for a single identity provider. This limits the options to integrate with external IdPs in order to support dynamic authentication, identity mapping, and application integrations.
Currently, having a single IdP 'active' means any dynamic-type features require multiple IdP entities - which may not be available with external partners that only maintain one entityID but support multiple request capabilities - or custom plug-ins, etc.
Allow multiple IdPs to be active at one time. When calling the authnrequest and other Federation services on the SPS or Web Agent Option Pack, reference the configuration by NAME rather than entityID.
Since the IdP partnerships are, to a degree, independent when working solely with them, being able to call by NAME/Alias allows better flexibility without custom plug-ins or code. For example, I could have 3x configurations for a partner IdP: (1) has single-factor authncontext processing at level 1, (2) has two-factor authncontext processing at level 2, and (3) has multi-step two-factor authncontext processing at level 3.
Authentication flows could then be handled dynamically very easily by simply altering the URL for different NAMEs. E.g.,