Hi guys, Our requirements are the following: - login one must decide if it is business or normal user - at registration business users might have extra attributes - users are persisted in AD, different OUs I guess the cleanest solution would be to have different realms for each category of users, but our constraint is that our CMS, that is the client for the realm can define only one Identity Provider (via SAML)... Would like to hear your thoughts. Thanks, Adrian