--- title: Enable IdP discovery description: You can use IdP discovery to associate the partner account with an identity provider (IdP). When you're initiating an SSO request (SP-initiated SSO), there's then no need to specify the identifier for the identity provider (IdP). Instead, we will resolve the correct IdP by associating an email domain with the partner's IdP. During a user's initial SSO, we will prompt the user to enter a matching email domain. (The user is prompted for the email domain only during their initial SSO.) component: pingoneforenterprise page_id: pingoneforenterprise:pingone_sso_for_saas_apps:p14saas_enable_idp_discovery canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_sso_for_saas_apps/p14saas_enable_idp_discovery.html revdate: December 23, 2021 section_ids: about-this-task: About this task steps: Steps --- # Enable IdP discovery ## About this task You can use IdP discovery to associate the partner account with an identity provider (IdP). When you're initiating an SSO request (SP-initiated SSO), there's then no need to specify the identifier for the identity provider (IdP). Instead, we will resolve the correct IdP by associating an email domain with the partner's IdP. During a user's initial SSO, we will prompt the user to enter a matching email domain. (The user is prompted for the email domain only during their initial SSO.) ## Steps 1. Select the **Managed Accounts** tab to display the list of managed customer accounts. 2. Click the Details icon to display the account details, and click the edit icon. 3. **Optional:** Edit the available account settings. 4. In the **IdP Discovery** section, enter the **Email Domain** to use for IdP discovery. We'll use the email domain you specify to discover the IdP and assign it to the partner account. 1. Enable **Set as default IdP** if you want us to redirect users to the IdP for the specified email domain. We will redirect users to this IdP in the event that, during SP-initiated SSO, users enter an email address that we are unable to match to an IdP. The **Set as default IdP** setting will not be displayed if you have already enabled this setting for the partner account. When a user initially attempts to sign on (SSO) to the application, the user is prompted for their email address. If the domain of the email address matches one of the IdP discovery domains you've assigned, we will redirect the user to the corresponding IdP for authentication. If the domains do not match and you have not enabled **Set as default IdP**, an error is displayed and the user is prompted again for their email address. When **Set as default IdP** is enabled, the user is redirected to the default IdP to authenticate.