We use the native OutSystems O11 SAML integration to integrate with our Azure AD to achieve SSO.
We need to use some SAML claims (which I mapped in the SAML configuration) to extend the auth logic, i.e. to decide whether a user can log in.
Where is the proper way to add this logic? Some central functionality which I can extend/modify so that whenever my app is accessed, it is executed?
Are you looking to enforce this SAML-claim–based validation globally during the authentication flow (before the user session is created), or only when specific applications/screens are accessed?
Only some applications need this validation, not all of them.