About IdP-initiated SSO with PingAM
IdP-initiated SSO occurs when a user attempts to access a protected application, using the IdP for authentication. The IdP sends an unsolicited authentication statement to the SP.
Before IdP-initiated SSO can occur:
-
The user must access a link on the IdP that refers to the remote SP.
-
The user must authenticate to the IdP.
-
The IdP must be configured with links that refer to the SP.
The following sequence diagram shows the flow of information in IdP-initiated SSO when PingGateway acts as a SAML 2.0 SP: