Hi pratysin,
They are effectively the same, but I will make a few notes below which may hopefully clear it up for you.
- Identity Providers hold a list of users and groups, much like a Microsoft Active Directory server also holds users and groups (and computers and things outside the scope of this topic). It's effectively a source of information for authentication purposes and to be used by authentication assertions in policy.
- An "Authenticate against Identity Provider" assertion will let users that are anywhere inside that Identity Provider authenticate themselves when prompted in policy.
- An "Authenticate against User or Group" assertion is a subset of the above and will narrow it down to certain users or a group which users are members of. This makes it so you're not opening it up to all users in the Identity Provider, but just those that fit a certain requirement (specific user or member of a specific group).
Documentation quick references:
Please let us know if that helps or if you need any further clarification. If I've misunderstood the question, please let me know that too.
Welcome to policy development by the way! :-)
Sincerely,
Dustin Dauncey
Sr Support Engineer, Global Customer Success
Email: CATechnicalSupport@ca.com
Phone: +1 800 225 5224
Outside of North America - ca.com/us/worldwide.aspx
CA API Management Community: ca.com/talkapi