Hello everyone.
I don’t have a lot of experience with Auth0, and have never set up an IdP-Initiated SSO before. From all of my research it sounds like we need to use the addon: “SAML2 Web App”, but I just wanted a little clarification.
Briefly:
- Internal SPA application in our Auth0 tenant, using a MS Azure AD enterprise connection
- SPA user is already authorized in the application
- User clicks a link to launch an external 3rd party web application
3rd Party Web App:
- Acting as Service Provider
- Uses ADFS to implement identity federation between IdP
- SAML v2.0 protocol
- Web Browser SSO Profile
- IdP-Initiated SSO using a POST Binding for the IdP-to-SP message
Desired Outcome:
- User can launch the external web application, and get authorized without having to re-enter SPA credentials.
Is the “SAML2 Web App” addon the correct way to go?
Do I add the addon to our SPA application, or create a new application for the 3rd party web app, and add it there?
Where would I get the URL to initiate/launch the 3rd party web app (which causes Auth0 to generate/send the SAML assertion)? Is that the “Identity Provider Login URL” from the “SAML2 Web App” addon “Usage” tab?
Thanks,
Mike
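The IdP-initiated, HTTP-POST-binding exchange the post describes, as an added example that is not part of the original post and not Auth0's, ADFS's or the SAML2 Web App addon's code: the IdP side produces an unsolicited `<samlp:Response>` and the auto-submitting form that carries it to the SP, and the SP side decodes the `SAMLResponse` field and runs the checks that matter precisely because no AuthnRequest preceded it (there is no `InResponseTo` to correlate against, so `Destination`, `Recipient`, `Audience` and the validity window carry the weight). Entity IDs, the ACS URL and the user are constructed placeholders, and the XML signature that a real IdP applies and a real SP must verify before anything else is omitted.

```python
"""IdP-initiated SAML 2.0 Web Browser SSO over the HTTP-POST binding.

Added illustration only (not Auth0/ADFS code): the XML signature a real IdP
applies, and which a real SP must verify first, is omitted. Identifiers below
are constructed placeholders.
"""
import base64
import html
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed placeholders, not real tenant or SP values.
IDP_ENTITY_ID = "urn:example:auth0-tenant"
SP_ENTITY_ID = "urn:example:third-party-app"
SP_ACS_URL = "https://sp.example.com/saml/acs"


def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_idp_initiated_response(name_id, now=None, lifetime_s=300):
    """IdP side: an unsolicited Response. There is deliberately no
    InResponseTo attribute, because no AuthnRequest was ever sent."""
    now = now or datetime.now(timezone.utc)
    not_after = now + timedelta(seconds=lifetime_s)
    rid, aid = "_" + uuid.uuid4().hex, "_" + uuid.uuid4().hex
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="{rid}" Version="2.0" IssueInstant="{_iso(now)}" Destination="{SP_ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="{aid}" Version="2.0" IssueInstant="{_iso(now)}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">{html.escape(name_id)}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" NotOnOrAfter="{_iso(not_after)}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{_iso(now)}" NotOnOrAfter="{_iso(not_after)}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="{_iso(now)}" SessionIndex="{aid}"/>
  </saml:Assertion>
</samlp:Response>"""


def encode_post_binding(xml_text):
    """HTTP-POST binding: the XML travels base64-encoded in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def auto_post_form(saml_response_b64, relay_state=None):
    """The page the IdP hands the browser; it auto-submits to the SP's ACS URL."""
    relay = (f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
             if relay_state else "")
    return (f'<form method="post" action="{html.escape(SP_ACS_URL)}">'
            f'<input type="hidden" name="SAMLResponse" value="{html.escape(saml_response_b64)}"/>'
            f'{relay}<noscript><input type="submit"/></noscript></form>'
            '<script>document.forms[0].submit()</script>')


def validate_unsolicited_response(saml_response_b64, now=None):
    """SP side: returns the asserted NameID or raises ValueError.
    Signature verification against the IdP's certificate would come first in
    a real ACS; with no request to correlate, these checks stop a response
    minted for another SP, another endpoint, or another time from being replayed."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("InResponseTo") is not None:
        raise ValueError("unsolicited response must not carry InResponseTo")
    if root.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination does not match this ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("non-success status")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion present")
    if assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion issued by an unexpected IdP")
    conds = assertion.find("saml:Conditions", NS)
    if conds is None or not (_parse_iso(conds.get("NotBefore")) <= now < _parse_iso(conds.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not intended for this SP")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_ACS_URL or now >= _parse_iso(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation is not for this endpoint or has expired")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Whatever launch endpoint the IdP exposes, the page it returns is the equivalent of `auto_post_form`, and the SP-side checks only pass when the IdP was configured with the SP's entity ID and ACS URL beforehand; that is why both values have to be registered on the IdP side before an IdP-initiated launch can work.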