Please explain how LMS APIs will work for "functional" IDs that can't authenticate through our IDP/SSO.
Currently, when we have a business team that wants to use an LMS API, we create a user/admin for their process within the LMS, generate a client secret within the LMS, and they use that user and secret to call the token server. It's very simple, and takes about 2 minutes for our LMS system admin (who is NOT a developer) to set up, and provide the credentials to the requesting business team (who has developers who create the solution using the published APIs).
It looks like the new process will be:
Register the application in SF (BizX, not in the LMS module)
Obtain a SAML assertion from somewhere? The document says that it can come from IAS (but doesn't specify how to obtain one in IAS) or from our corporate IDP.
Use that SAML assertion to request a token
Step 2 is the part that needs to be clarified. These users don't exist in our corporate IDP, and although the IDP has the ability to create a functional user account, this is a pretty involved process that would be a large burden both on our LMS admin, as well as on the business teams who are developing integrations to the LMS.