yes, that is correct: groups are not available with saml. to do group-based login with saml, you can set your authorization server to an ldap server so that groups can be sent; alternately, you can look to see if you can provide that information in an assertion/claim value no, each realm will need to have a unique idp configured
... View more