Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

IdP initiated SSO



How IdP initiated SSO works:

  1. User requests a service by entering a URL similar to
  2. Federation Server sends user credentials challenge (several mechanisms possible, including username/password, two-factor, and more).
  3. The user responds to challenge (log in through username and password).
  4. Federation Server contacts respective directory service to validate user credentials.
  5. Directory Service responds with a success or failure.
  6. Federation Server sends an HTTP Redirect POST request to with SAML Response back to User Agent (browser).
  7. The browser sends a POST request to, which is the Proxy, with SAML Response received from Federation Server.
  8. Proxy rewrites the SAML Response (assertion consumer URL), resigns it and does a POST request to, the rewritten SP URL, with rewritten SAML Response.
  9. Service Provider validates the SAML Response, and if successful will send a Redirect Response for https://<pod>
  10. Proxy rewrites the URL and forwards the Redirect Response for https://<pod> back to the browser.
  • Was this article helpful?