Component

PingFederate 9.1

Process overview

The process for Okta as the IdP using IdP-initiated SSO is:

  1. The user goes to Okta, assuming the user has an existing Okta session.
  2. The user clicks on the Chicklet, which sends a SAML response to the configured SP.
  3. A session is established with the SP.
  4. The user is authenticated.

In SP-initiated SSO, ​the process is:

  1. The user goes to the target SP first. They don't have a session established with the SP.
  2. The SP redirects the user to the configured sign-on URL, Okta’s generated app instance URL, sending the SAML request.
  3. Okta receives a SAML request, assuming the user has an existing Okta session.
  4. Okta sends a SAML response to the configured SP.
  5. The SP receives the SAML response and verifies that it is correct.
  6. A session is established on the SP side.
  7. The user is authenticated.