IdP-Initiated Login is Not Enabled for Connection "TestIDPConnection" Error


When attempting to configure a SAML connection through Microsoft AD or Okta, the following error message appears while testing the application: “invalid_request: IdP-Initiated login is not enabled for connection ‘TestIDPConnection’.”


To resolve the issue where the IdP-Initiated login is not enabled for the connection “TestIDPConnection”, follow these steps:

  1. Ensure that the Azure and Okta IDP is SAML and that the application “TestIDPConnection” is a Regular Web application with the SAML Addon disabled.
  2. Refer to the documentation on setting up IdP-Initiated SSO:
  1. Verify that the SAML addon is enabled and configured for the default application if SAML is intended as the response protocol.
  2. If opting to retain the current application configuration, switch to OpenID Connect as the Response Protocol in the IdP-Initiated SSO settings.

Step-by-Step Instructions:

  • Enable and configure the SAML addon for the default application if using SAML as the response protocol.
  • If maintaining the existing application configuration (SAML addon disabled), change the response protocol to OpenID Connect in the IdP-Initiated SSO settings, as per the below image.