Identity Provider Initiated SSO
GET {{authPath}}/{{envID}}/saml20/idp/startsso?spEntityId={{spEntityIdValue}}&applicationUrl={{appUrl}}
You can start an identity provider initiated SAML single sign-on authentication session through a GET
request. The GET /{{envID}}/saml20/idp/startsso?spEntityId={{spEntityIdValue}}&applicationUrl={{appUrl}}
operation starts the sign-on flow.
The request URL includes the service provider's entity ID property (spEntityId) and the application's URL property (applicationUrl) as parameters in the request.
The applicationUrl parameter overrides the defaultTargetUrl request parameter (see Applications SAML settings data model) that is used to set the RelayState value passed as a deep link to the application. Although applicationUrl is generally a URL, because it's used as a deep link, this is not enforced.
For DaVinci authentication flows, the optional flowPolicyId parameter specifies the ID of the DaVinci flow policy that is used to authenticate the user. The value must be one of the DaVinci flow policies configured for the application (see Create an Application Flow Policy Assignment). If omitted, the flow uses the authentication policy logic described in Application Flow Policy Assignments.
Parameter | Description |
---|---|
applicationUrl | The application's URL. |
flowPolicyId | The ID of the DaVinci flow policy that is used to authenticate the user. |
spEntityId | The service provider entity ID used to look up the application. This is a required property and is unique within the environment. |
See SAML data model for complete descriptions.
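Because applicationUrl becomes the RelayState deep link and its format is not enforced, the service provider should check the value before redirecting to it. The following is an added example, not part of the original documentation: it builds the request URL with encoded parameters and shows one way to validate the received RelayState. The function names, hostnames, and IDs are hypothetical, constructed values.

```python
from urllib.parse import quote, urlencode, urlsplit

def build_startsso_url(auth_path, env_id, sp_entity_id,
                       application_url=None, flow_policy_id=None):
    """Build the startsso GET URL with every parameter percent-encoded."""
    if not sp_entity_id:
        raise ValueError("spEntityId is required")
    params = {"spEntityId": sp_entity_id}
    if application_url is not None:
        params["applicationUrl"] = application_url
    if flow_policy_id is not None:
        params["flowPolicyId"] = flow_policy_id
    base = f"{auth_path.rstrip('/')}/{quote(env_id, safe='')}/saml20/idp/startsso"
    return f"{base}?{urlencode(params)}"

def safe_relay_target(relay_state, allowed_origin, default_path="/"):
    """Service provider side: choose the post-login redirect for a RelayState.

    Accepts a rooted relative path, or an absolute URL whose scheme and
    host[:port] equal allowed_origin exactly. Anything else falls back to
    default_path, so an unexpected deep link never leaves the application.
    """
    # Reject empty values, backslashes, whitespace and control characters,
    # which URL parsers and browsers may interpret differently.
    if not relay_state or any(c == "\\" or ord(c) <= 0x20 for c in relay_state):
        return default_path
    try:
        parts = urlsplit(relay_state)
    except ValueError:  # malformed authority, for example a bad IPv6 literal
        return default_path
    if not parts.scheme and not parts.netloc:
        # Relative deep link: one leading slash only ("//host" is another site).
        rooted = relay_state.startswith("/") and not relay_state.startswith("//")
        return relay_state if rooted else default_path
    allowed = urlsplit(allowed_origin)
    if (parts.scheme, parts.netloc) == (allowed.scheme, allowed.netloc):
        return relay_state
    return default_path

if __name__ == "__main__":
    # Constructed sample values, not taken from the documentation.
    print(build_startsso_url("https://auth.example.com", "env-1234",
                             "https://sp.example.com/saml", "/orders/42?tab=1"))
    print(safe_relay_target("/orders/42?tab=1", "https://app.example.com"))
```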
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
spEntityId | string | | |
applicationUrl | string | | |