Single Sign-On (SSO) scenarios

Supplier Portal supports two primary SAML 2.0 SSO scenarios with HTTP Redirect-POST binding. The SP sends authentication requests to the IdP as either an HTTP redirect or an HTTP POST. Responses or requests from the IdP to the SP are expected to be sent as HTTP POST.

SP-initiated SSO

SP-initiated SSO is a scenario in which the user starts the sign-on flow from Supplier Portal, either actively or passively.

Active SSO

The user signs in to Supplier Portal by clicking the corresponding sign-in link.

Passive SSO

The user visits a private page or file attachment, which they cannot access without authentication.

Authenticating with IdP

Both active and passive SSO send the user to the IdP for authentication.

IdP-initiated SSO

A user is using an internal application that has already been authenticated with the IdP. They click a link that leads to the Supplier Portal site, which begins an SSO session. If needed, a new user is created in Supplier Portal (or the existing user is found), and the user is logged in.
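
The bindings and the two scenarios above, seen from the SP's side, as an added example that is not part of the original page or of Supplier Portal's own code: an AuthnRequest encoded for the HTTP-Redirect binding, and a check that tells an SP-initiated response from an IdP-initiated (unsolicited) one by its `InResponseTo` attribute. The endpoint URLs, the `pending` store, the use of RelayState for the return target and all function names are assumptions; signature verification of the response is not shown and is assumed to be handled by a SAML library before this check.

```python
import base64, urllib.parse, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP_SSO_URL = "https://idp.example.test/sso"        # constructed placeholder
SP_ACS_URL = "https://portal.example.test/saml/acs"  # constructed placeholder
pending = set()  # IDs of AuthnRequests this SP issued and has not yet consumed

def build_redirect_url(relay_state):
    """SP-initiated SSO: AuthnRequest over the HTTP-Redirect binding."""
    req_id = "_" + uuid.uuid4().hex
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" '
           f'Version="2.0" IssueInstant="{now}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
           f'AssertionConsumerServiceURL="{SP_ACS_URL}"/>')
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, as the binding requires
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": relay_state,  # where to land after sign-on
    })
    pending.add(req_id)
    return req_id, f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """IdP side: reverse the encoding and read the request ID and RelayState."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    return ET.fromstring(xml).get("ID"), qs["RelayState"][0]

def classify_post_response(saml_response_b64):
    """SP side: HTTP-POST binding is plain base64 (no DEFLATE).
    Signature verification is assumed to have been done by a SAML library."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        return "idp-initiated"       # unsolicited response
    if in_response_to in pending:
        pending.discard(in_response_to)  # one response per request
        return "sp-initiated"
    return "rejected"                # unknown or replayed request ID
```

For passive SSO the `relay_state` argument would carry the private page or attachment the user originally requested, so the SP can return them there after sign-on.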