Identity provider (IdP) initiated single sign-on is a workflow in which the user first authenticates with the identity provider and then accesses Templafy. This is the reverse of the normal authentication flow, which starts at the Templafy tenant and redirects the user to the SSO provider. Templafy supports IdP Initiated SSO, but with some limitations.
Setup
Once the Templafy app has been installed, ensure "Visible to users?" is set to Yes (under Properties) and assign the relevant users to the application. The users must be assigned to the application even if "User assignment required?" is set to No.
Templafy will now show up in the users' applications on https://myapplications.microsoft.com if they have been assigned to the application.
OpenID Connect
Users must be provisioned to Templafy before IdP Initiated SSO can occur. Once provisioning is complete (either by the user accessing the tenant directly or through SCIM), IdP Initiated SSO will redirect the user to their Templafy tenant.
SAML2
With SAML2, a sign-on URL is defined, which allows IdP Initiated SSO to automatically redirect a user to the correct Templafy tenant. No additional configuration is needed.