
IdP-Initiated SSO and specifying different scopes and Auth0 applications

saml
samlp

#1

Hi there,

We are currently using multiple SAMLP connections for different customers to access our web application. I saw from the IdP-Initiated SSO article that only one application can be selected for an IdP-initiated login per SAML connection. Is this correct that we cannot use the same SAMLP connection but redirect the user to different Auth0 applications?

Is it possible to specify different scopes for an IdP-initiated login? If so, how do we do this? As far as I can tell, we cannot change the Single Sign On URL in the IdP to be able to achieve this?

Thanks,
Andy


#3

Hey @andy.layzell

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue, we would like to check if you are still facing the described challenge.

We are more than happy to assist in any way! If the issue is still out there, please let us know so we can create a new thread for better visibility; otherwise we’ll close this one in a week’s time.

Thank you!


#4

Hi @James.Morrison,

I actually raised a support ticket to solve this. Below is the response I received:

"For a SAML IdP-Initiated flow your analysis is correct and you can only do a one-to-one mapping. One SAML connection maps/redirects to a single client application for IdP-Initiated flows.

If you selected the OpenID Connect protocol then when configuring this mapping there is a Query String field that would allow you to configure the scopes that should be used when providing a response to the application.

The recommendation would be, if at all possible, to instead make use of SP-Initiated flows where it would be possible to have one SAML connection being used without constraints by multiple client applications."

Thanks,
Andy
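To make the support team's recommendation concrete, here is an added example (not code from this thread or from Auth0) of what the SP-initiated alternative looks like from the application side. In an SP-initiated flow each application starts the login itself, so the `connection` parameter selects the shared SAML connection while `client_id` and `scope` are chosen per request; this is the per-application scope selection that the IdP-initiated mapping cannot express. The tenant domain, connection name, client IDs and redirect URIs are constructed placeholders; the `/authorize` parameters (`connection`, `scope`, `state`, `nonce`, PKCE) are standard Auth0/OIDC request parameters.

```python
"""SP-initiated SSO: one Auth0 SAML connection shared by several applications.

Added example, not code from the thread or from Auth0. All identifiers below
(tenant domain, connection name, client IDs, redirect URIs) are constructed.
"""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

TENANT_DOMAIN = "example-tenant.auth0.com"   # placeholder tenant
SAML_CONNECTION = "customer-a-samlp"         # placeholder SAML connection name

# Constructed sample data: two applications, each with its own client_id,
# callback and the scope set it actually needs, both using the same connection.
APPLICATIONS = {
    "portal": {
        "client_id": "PORTAL_CLIENT_ID",
        "redirect_uri": "https://portal.example.com/callback",
        "scopes": ["openid", "profile", "email"],
    },
    "admin": {
        "client_id": "ADMIN_CLIENT_ID",
        "redirect_uri": "https://admin.example.com/callback",
        "scopes": ["openid", "profile", "email", "offline_access"],
    },
}


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with the S256 method."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(app_name, state, code_challenge, nonce):
    """Build the SP-initiated /authorize request for one application.

    The SP picks the SAML connection with `connection` and the application and
    its scopes with `client_id` / `scope` on every request, so one connection
    serves many applications without the one-to-one IdP-initiated mapping.
    """
    app = APPLICATIONS[app_name]
    params = {
        "response_type": "code",
        "client_id": app["client_id"],
        "connection": SAML_CONNECTION,
        "redirect_uri": app["redirect_uri"],
        "scope": " ".join(app["scopes"]),
        "state": state,                     # bound to the browser session by the SP
        "nonce": nonce,                     # echoed back in the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"https://{TENANT_DOMAIN}/authorize?" + urlencode(params)


def parse_query(url):
    """Return the query string of a URL as a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def callback_state_matches(expected_state, callback_url):
    """Check the `state` echoed on the callback against the value the SP stored.

    This binding is only possible because the SP created the request; an
    unsolicited IdP-initiated response carries no state the SP can verify.
    """
    returned = parse_query(callback_url).get("state", "")
    return hmac.compare_digest(expected_state, returned)


if __name__ == "__main__":
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier, challenge = new_pkce_pair()
    for name in APPLICATIONS:
        print(name, build_authorize_url(name, state, challenge, nonce))
```

Each application keeps its own `state`, `nonce` and PKCE verifier in its session and checks them on the callback; the connection name is the only value the two applications share.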


#5

Thank you for sharing the solution, I’m glad our team was able to help!