In the external SAML identity provider, enable IdP-initiated SSO. The specifics of the configuration vary depending on the identity provider. See the identity provider documentation for more information.
Configure the RelayState parameter to contain the
applicationIdwhen the IdP sends an SAML assertion to PingOne.Example:
For some applications, the
applicationIdis also known as the
Optionally, you can also include
applicationUrlin the RelayState.Example:
applicationUrlis used only when
target_link_uriis not configured.
The following is a sample request to the OIDC application.
https://myapp.com/login?iss=https%3A%2F%2Fauth.pingone.com %2Fb18072d1-07a0-4771-8cb6-efa42700dc5b%2Fas &target_link_uri=https%3A%2F%2Fmyapp.com/overview
If needed, you can include
target_link_uriparameters directly in the
Initiate Login URIconfiguration. These parameters take precedence over the values for the PingOne application. For more information, see Initiating Login from a Third Party.