Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

IdP initiated SSO

 

IdP_Initiated_SSO_new.png

How IdP initiated SSO works:

  1. User requests a service by entering a URL similar to https://company.com/adfs/ls/idpiniti...pany.myshn.net
  2. Federation Server sends user credentials challenge (several mechanisms possible, including username/password, two-factor, and more).
  3. The user responds to challenge (log in through username and password).
  4. Federation Server contacts respective directory service to validate user credentials.
  5. Directory Service responds with a success or failure.
  6. Federation Server sends an HTTP Redirect POST request to https://logincrm.company.myshn.net with SAML Response back to User Agent (browser).
  7. The browser sends a POST request to https://logincrm.company.myshn.net, which is the Proxy, with SAML Response received from Federation Server.
  8. Proxy rewrites the SAML Response (assertion consumer URL), resigns it and does a POST request to https://login.salesforce.com, the rewritten SP URL, with rewritten SAML Response.
  9. Service Provider validates the SAML Response, and if successful will send a Redirect Response for https://<pod>.salesforce.com/
  10. Proxy rewrites the URL and forwards the Redirect Response for https://<pod>crm.company.myshn.net back to the browser.
  • Was this article helpful?