Identity provider-initiated SSO flow

This section describes the SAML identity provider-initiated single sign-on (SSO) flow for applications integrated with an AppDirect-powered marketplace. For the service provider-initiated SSO flow, see Service provider-initiated SSO flow.

A description of each step follows the image.

Identity Provider-Initiated SSO Flow

  1. The user initiates SSO by clicking on the MyApps tile.
  2. The user is authenticated with the marketplace (if they're not already logged in).
  3. The SAML response (assertion) is generated and the marketplace sends a POST request to the Assertion Consumer Service (ACS) URL registered with the SSO product configuration.

    Following is an example:

    https://www.isv.com/acs?SAMLResponse=<SAML_response>

    See Example C—SAML response in SAML authentication event examples for an example of the full SAML response sent to the developer’s ACS.

  1. The SAML response is validated by the developer.
  2. The user is logged in to the developer application.