Sunday, October 1, 2023

Explain the difference between Identity Provider initiated SAML flow and Service Provider initiated SAML flow?

Identity Provider-Initiated SAML Flow:

The user logs in to the identity provider.

The user clicks a button or link to access the service provider. For example, the user clicks an app on the App Launcher page in a Salesforce org.

The identity provider initiates login by sending a cryptographically signed SAML response to the service provider through the user's browser (an HTTP POST to the service provider's Assertion Consumer Service URL). The SAML response contains a SAML assertion that tells the service provider who the user is. Because no request from the service provider triggered this login, the response carries no InResponseTo value: it is an unsolicited response.

The service provider validates the signature on the SAML response, checks that the assertion is meant for it (audience, recipient URL and validity window) and identifies the user. It has no request of its own to correlate the response with, so replay protection rests on the assertion's validity window and on not accepting the same assertion ID twice.

The user is now logged in to the service provider.

The example walked through earlier, under How to configure a Connected App for SAML 2.0 Flow in Salesforce for integration service provider?, is an Identity Provider-Initiated SAML Flow.

Service Provider-Initiated SAML Flow:

Now that we know how the Identity Provider-Initiated SAML Flow works, let us look at the Service Provider-Initiated SAML Flow.

In the service provider-initiated flow the user starts at the service provider, trying to access a protected resource there.

The service provider initiates login by generating a SAML request (an AuthnRequest) and redirecting the user's browser to the identity provider with it, asking the identity provider to authenticate the user. The service provider records the request ID so that it can later match the response to the request.

The identity provider presents its login page to the user.

The user enters their identity provider login credentials and the identity provider authenticates the user.

The identity provider now knows who the user is, so it sends a cryptographically signed SAML response back to the service provider through the user's browser. The SAML response contains a SAML assertion that tells the service provider who the user is, and its InResponseTo attribute carries the ID of the original SAML request.

The service provider validates the signature on the SAML response, checks that InResponseTo matches a request it issued and has not already consumed, checks the audience, recipient URL and validity window, and identifies the user.

The user is now logged in to the service provider and can access the protected resource.
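The two flows above, seen from the service provider's side, as an added example written for this page rather than taken from it or from Salesforce. It builds the AuthnRequest of the SP-initiated flow (HTTP-Redirect binding, raw DEFLATE then base64), constructs an unsigned sample Response from a hypothetical identity provider, and shows the one check that separates the flows: a Response with InResponseTo must match an outstanding request ID (consumed once, so a replay fails), while a Response without it is an unsolicited, IdP-initiated login that the SP accepts only if configured to. The entity IDs and URLs (sp.example.com, idp.example.com) are assumptions, and XML signature verification is assumed to have been done by an XML-DSig library before these checks run.

```python
"""Added example (not the page's code): SP-initiated vs IdP-initiated SAML 2.0 from the SP side.
Endpoints below are hypothetical. XML signature verification is assumed to be done first by an
XML-DSig library and is not implemented here; these are the checks that follow it."""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SP_ENTITY_ID = "https://sp.example.com/saml"    # hypothetical SP entity ID
SP_ACS_URL = "https://sp.example.com/saml/acs"  # hypothetical Assertion Consumer Service URL
IDP_ENTITY_ID = "https://idp.example.com"       # hypothetical IdP entity ID
IDP_SSO_URL = "https://idp.example.com/sso"     # hypothetical IdP single sign-on endpoint
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

def _ts(dt):
    return dt.strftime(TIME_FMT)

def _parse_ts(s):
    return datetime.strptime(s, TIME_FMT).replace(tzinfo=timezone.utc)

def build_authn_request(now=None):
    """SP-initiated, step 1: the SP creates an AuthnRequest and must remember its ID."""
    now = now or datetime.now(timezone.utc)
    request_id = "_" + uuid.uuid4().hex
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{request_id}" '
        f'Version="2.0" IssueInstant="{_ts(now)}" Destination="{IDP_SSO_URL}" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    return request_id, xml

def redirect_binding_url(authn_request_xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"

def decode_saml_request(url):
    """IdP side of the redirect: recover the AuthnRequest XML and the RelayState."""
    qs = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode()
    return xml, qs.get("RelayState", [None])[0]

def idp_build_response(name_id, in_response_to=None, now=None):
    """Constructed, unsigned sample IdP Response. With in_response_to it answers an
    AuthnRequest (SP-initiated); without it, it is unsolicited (IdP-initiated)."""
    now = now or datetime.now(timezone.utc)
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    expiry = _ts(now + timedelta(minutes=5))
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_{uuid.uuid4().hex}" '
        f'Version="2.0" IssueInstant="{_ts(now)}" Destination="{SP_ACS_URL}"{irt}>'
        f"<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>"
        f'<saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_ts(now)}">'
        f"<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><saml:Subject><saml:NameID>{name_id}</saml:NameID>"
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" NotOnOrAfter="{expiry}"{irt}/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        f'<saml:Conditions NotBefore="{_ts(now - timedelta(minutes=1))}" NotOnOrAfter="{expiry}">'
        f"<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"
    )

def sp_consume_response(response_xml, outstanding_requests, allow_unsolicited, now=None):
    """SP-side checks after signature verification. outstanding_requests is the set of
    AuthnRequest IDs the SP issued and has not yet matched. Returns (flow, name_id)."""
    now = now or datetime.now(timezone.utc)
    resp = ET.fromstring(response_xml)
    if resp.get("Destination") != SP_ACS_URL:
        raise ValueError("Response not addressed to our ACS URL")
    assertion = resp.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    if not (_parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [a.text for a in assertion.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion not intended for this SP")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    if scd.get("Recipient") != SP_ACS_URL or now >= _parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer SubjectConfirmationData invalid")
    name_id = assertion.find("saml:Subject/saml:NameID", NS).text
    irt = resp.get("InResponseTo")
    if irt:
        # SP-initiated: must answer a request we issued; consume the ID so a replay fails.
        if irt not in outstanding_requests or scd.get("InResponseTo") != irt:
            raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
        outstanding_requests.discard(irt)
        return "sp-initiated", name_id
    # IdP-initiated: nothing to correlate with, so accept only if explicitly configured to.
    if not allow_unsolicited:
        raise ValueError("unsolicited (IdP-initiated) Response not allowed")
    return "idp-initiated", name_id
```

A real SP would also reject an assertion ID it has already seen within the validity window, which is the only replay defence available for IdP-initiated responses since there is no request ID to consume.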

To set up the Service Provider-Initiated SAML Flow in Salesforce, follow the steps below:

1) Log in to the service provider org.

2) Go to “My Domain” under Setup and click Edit next to “Authentication Configuration”.


3) Enable the checkbox next to the Authentication Service.



4) The name displayed there is the name you gave the configuration when setting up Single Sign-On in the service provider org.


5) Now open the login URL of the service provider org. The login page shows a link to log in to the service provider org with identity provider org credentials; clicking it starts the service provider-initiated flow described above.
