---
title: About IdP-initiated SSO with PingAM
description: IdP-initiated SSO occurs when a user attempts to access a protected application, using the IdP for authentication. The IdP sends an unsolicited authentication statement to the SP.
component: pinggateway
version: 2025.11
page_id: pinggateway:gateway-guide:federation-about-idp-init
canonical_url: https://docs.pingidentity.com/pinggateway/2025.11/gateway-guide/federation-about-idp-init.html
revdate: 2025-10-22T14:04:06Z
---

# About IdP-initiated SSO with PingAM

IdP-initiated SSO occurs when a user attempts to access a protected application, using the IdP for authentication. The IdP sends an unsolicited authentication statement to the SP.

Before IdP-initiated SSO can occur:

* The user must access a link on the IdP that refers to the remote SP.

* The user must authenticate to the IdP.

* The IdP must be configured with links that refer to the SP.

The following sequence diagram shows the flow of information in IdP-initiated SSO when PingGateway acts as a SAML 2.0 SP:

![saml-idp-initiated](https://kroki.io/plantuml/svg/eNqFU0Fu2zAQvPMVi1xysZ02hxyK2oDTFmmABhEipyddaGklElBIlqSs-kn9Rl_WIW03iZsmugiUZmdmZ5fi7FTQJ-u2Xncq0u9fdP7u_QVN8Tq_oEKbjq4bNlHHLWDeWS-jtkYIWikdqLYNE97R0pppCNwQ_6z7IegN91vSBghjuE41NOqoXqGkYNs4Ss9kPQX2G11zmIn_V5A10LBtyz5QGGr1IkPy1nMne8oMmoOgUVlScsPpE3uY1gYoSWttmqTWo9AEJtl55geA3vA-E6dnQuBrz_hfTK8NhGQEcVneCjlEa4aHNXvhpI-61k6C8oTyc-ntCK-7wwnJQPfhGJmElzeV0Qdt5-0GB5_xUPwXfgX5UW4rs8_heUlZHFspvI2YEyxL59D_LuGdoaVzQsznqRlkTlExtQyqHWY-F8nxdAEfH-jralXQ1ZcVef4xcIgp_lTgXuKvTFTeDp3KqemnqWE0jbOYSyb_uGe_25PWGFqKQvZhQtI0afU89bYLGKVIZIsS8M_aQzPrH9kpi0ll9pFQubz5hj5BkUwFarE-CZRIRbnn-i573cBd_vMInmDRdgoyRq_XQ8SCIavlY5fT4LjWra7JoW60voEb18ttiu5Af8eoZqzks9Yyrk77rDttsMOHeCuTNzIfi9tyle5ZlEgQG_qEAe1WBvun0rnO7l8Zx0zA9XSRAs-GBm_gIDib7oKTHVNQdkwSUcn4NyJcpZCy7_JFEn8Agu6Fnw==)
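Because the statement is unsolicited, the SP has no request ID to match it against. The following is an added example, not PingGateway or PingAM code, of the checks a SAML 2.0 SP generally applies in that case; the entity ID, ACS URL, function name and sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use a hardened parser such as defusedxml in production
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.com/saml"   # hypothetical SP entity ID
ACS_URL = "https://sp.example.com/saml/acs"    # hypothetical assertion consumer URL

# Constructed sample: an unsolicited Response carries no InResponseTo attribute.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
 <a:Assertion ID="_a1"><a:Subject><a:SubjectConfirmation
   Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><a:SubjectConfirmationData
   Recipient="https://sp.example.com/saml/acs" NotOnOrAfter="2030-01-01T00:05:00Z"/>
 </a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
 <a:Audience>https://sp.example.com/saml</a:Audience>
 </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def check_unsolicited(xml_text, now, seen_ids):
    """Return a list of problems; an empty list means these checks passed.
    Assumes a SAML library has already verified the XML signature."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    scd = resp.find(".//a:SubjectConfirmationData", NS)
    if assertion is None or scd is None:
        return ["missing assertion or bearer confirmation data"]
    problems = []
    # No AuthnRequest was sent, so there is no request ID to correlate against.
    if resp.get("InResponseTo") or scd.get("InResponseTo"):
        problems.append("InResponseTo present in an unsolicited response")
    if scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not this SP's ACS URL")
    expiry = scd.get("NotOnOrAfter")
    if expiry is None:
        problems.append("NotOnOrAfter missing")
    else:
        limit = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if now >= limit:
            problems.append("assertion expired")
    audiences = [(a.text or "").strip() for a in resp.iterfind(".//a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("SP is not in the audience restriction")
    # With no request ID to match, a one-time-use cache detects a re-posted response.
    if assertion.get("ID") in seen_ids:
        problems.append("assertion ID replayed")
    if not problems:
        seen_ids.add(assertion.get("ID"))  # real caches expire entries at NotOnOrAfter
    return problems
```
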
