Auth0 IdP-Initiated SSO between SPA and External (SP)

Hello everyone.

I don’t have a lot of experience with Auth0, and have never set up an IdP-Initiated SSO before. From all of my research it sounds like we need to use the addon: “SAML2 Web App”, but I just wanted a little clarification.

Briefly:

  • Internal SPA application in our Auth0 tenant, using a MS Azure AD enterprise connection
  • SPA user is already authorized in the application
  • User clicks a link to launch an external 3rd party web application

3rd Party Web App:

  • Acting as Service Provider
  • Uses ADFS to implement identity federation between IdP
  • SAML v2.0 protocol
  • Web Browser SSO Profile
  • IdP-Initiated SSO using a POST Binding for the IdP-to-SP message

Desired Outcome:

  • User can launch the external web application, and get authorized without having to re-enter SPA credentials.

Is the “SAML2 Web App” addon the correct way to go?
Do I add the addon to our SPA application, or create a new application for the 3rd party web app, and add it there?
Where would I get the URL to initiate/launch the 3rd party web app (which causes Auth0 to generate/send the SAML assertion)? Is that the “Identity Provider Login URL” from the “SAML2 Web App” addon “Usage” tab?

Thanks,
Mike
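An added example, not from Mike's post or from Auth0's own code: it shows what the 3rd-party SP receives when the IdP posts an unsolicited assertion in the IdP-initiated HTTP-POST binding, and the checks the SP side must make on such a Response (no InResponseTo, matching Destination, Issuer, audience and validity window). The entity IDs, ACS URL, NameID and clock are constructed placeholders, and XML signature verification is assumed to be done by the SP's SAML library before these checks run.

```python
import base64
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "urn:example-sp"                      # constructed SP entity ID
SP_ACS_URL = "https://sp.example.test/saml/acs"      # constructed ACS URL
IDP_ENTITY_ID = "urn:auth0-tenant.example.test"      # constructed IdP issuer
FMT = "%Y-%m-%dT%H:%M:%SZ"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

def build_saml_response(now, audience=SP_ENTITY_ID, in_response_to=None):
    """Constructed, unsigned unsolicited Response, base64-encoded as in the SAMLResponse POST field."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="{now.strftime(FMT)}" Destination="{SP_ACS_URL}"{irt}>
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{now.strftime(FMT)}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>mike@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{(now - timedelta(minutes=1)).strftime(FMT)}"
        NotOnOrAfter="{(now + timedelta(minutes=5)).strftime(FMT)}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

def validate_idp_initiated(saml_response_b64, now):
    """SP-side checks on an unsolicited Response; returns the NameID. Assumes the XML
    signature was already verified against the IdP's cert; these checks follow that, never replace it."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.get("InResponseTo") is not None:      # IdP-initiated: no AuthnRequest was ever sent
        raise ValueError("unsolicited Response must not carry InResponseTo")
    if root.get("Destination") != SP_ACS_URL:     # assertion must be addressed to our ACS endpoint
        raise ValueError("Destination is not our ACS URL")
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("unexpected Issuer")
    a = root.find("saml:Assertion", NS)
    cond = a.find("saml:Conditions", NS)
    nb = datetime.strptime(cond.get("NotBefore"), FMT).replace(tzinfo=timezone.utc)
    noa = datetime.strptime(cond.get("NotOnOrAfter"), FMT).replace(tzinfo=timezone.utc)
    if not (nb <= now < noa):                     # reject expired or not-yet-valid assertions
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [e.text for e in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this SP")  # blocks reuse at another SP
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```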