In the external SAML identity provider, enable IdP-initiated SSO. The specifics of the
configuration vary depending on the identity provider. See the identity provider
documentation for more information.
-
Configure the RelayState parameter to contain the
applicationId when the IdP sends an SAML assertion to
PingOne.
Example:
applicationId=bda4e692-84c2-4f90-8835-d28da695c748
Note:
For some applications, the applicationId is also known
as the Client ID.
-
Optionally, you can also include
applicationUrl in the
RelayState.
Example:
applicationId=bda4e692-84c2-4f90-8835-d28da695c748&applicationUrl=https://myapp.com/overview
Note:
The applicationUrl is used only when
target_link_uri is not configured.
The following is a sample request to the OIDC application.
https://myapp.com/login?iss=https%3A%2F%2Fauth.pingone.com
%2Fb18072d1-07a0-4771-8cb6-efa42700dc5b%2Fas
&target_link_uri=https%3A%2F%2Fmyapp.com/overview
If needed, you can include iss and
target_link_uri parameters directly in the
Initiate Login URI configuration. These parameters take
precedence over the values for the PingOne application. For
more information, see Initiating Login from a Third
Party.