Enabling IdP-initiated SSO - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Product

p1cloudplatform

ContentType_ce

Page created: 5 Apr 2022 |

Page updated: 19 Jan 2023

| 1 min read

PingOne Cloud Platform PingOne Product

In the external SAML identity provider, enable IdP-initiated SSO. The specifics of the configuration vary depending on the identity provider. See the identity provider documentation for more information.

Configure the RelayState parameter to contain the applicationId when the IdP sends an SAML assertion to PingOne.
Example: applicationId=bda4e692-84c2-4f90-8835-d28da695c748
Optionally, you can also include applicationUrl in the RelayState.
Example: applicationId=bda4e692-84c2-4f90-8835-d28da695c748&applicationUrl=https://myapp.com/overview
Note:
The applicationUrl is used only when target_link_uri is not configured.

The following is a sample request to the OIDC application.
```
https://myapp.com/login?iss=https%3A%2F%2Fauth.pingone.com
%2Fb18072d1-07a0-4771-8cb6-efa42700dc5b%2Fas
&target_link_uri=https%3A%2F%2Fmyapp.com/overview
```
If needed, you can include iss and target_link_uri parameters directly in the Initiate Login URI configuration. These parameters take precedence over the values for the PingOne application. For more information, see Initiating Login from a Third Party.