IdP or SP Initiated Sign-In?

I came across the option of choosing either an IdP-initiated or an SP-initiated sign-in experience, so let's look at the main differences:

IdP = Identity Provider (for example ADFS).
SP = Service Provider, which ADFS calls a Relying Party Trust.


With IdP-initiated sign-in, your users already exist in your own directory and are therefore known to the Service Provider through the claims the IdP issues. You send users to your ADFS sign-in page, they authenticate there, and from there they choose which SP to sign in to; ADFS then posts the assertion to that SP without the SP having asked for it. Because nothing from the SP started the exchange, the response carries no request identifier for the SP to correlate, so an SP that accepts unsolicited responses must rely entirely on signature, audience and validity-window checks. This is why many SPs disable IdP-initiated sign-in altogether.

With SP-initiated sign-in, the SP does not need to know the user up front: it redirects every user to the IdP with an authentication request and only creates a session once the IdP's response comes back. Preferably this happens through a customer-specific URL, so the SP can tell which IdP a given user belongs to, unless you are the SP's only customer or the SP is a private deployment dedicated to you.
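The difference between the two flows, as an added example that is not from the original post: the SP builds and remembers an authentication request (SP-initiated), or receives a response with no request to match (IdP-initiated). The entity IDs, endpoint URLs and the user name are made up for the example, the messages are constructed inline, and signature verification is deliberately left out so that only the request/response correlation is shown.

```python
"""Added example (not from the original post): a minimal SAML 2.0 exchange
showing the wire-level difference between SP-initiated and IdP-initiated
sign-in. All IDs, URLs and the subject are assumed values for the example;
signature checks are omitted on purpose."""
import base64
import secrets
import urllib.parse
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone

SP_ENTITY_ID = "https://sp.example.com/metadata"   # assumed
SP_ACS_URL = "https://sp.example.com/saml/acs"     # assumed
IDP_SSO_URL = "https://adfs.example.com/adfs/ls/"  # assumed ADFS endpoint
NS_P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_A = "urn:oasis:names:tc:SAML:2.0:assertion"


def new_id():
    # SAML IDs are xs:ID values, which must not start with a digit.
    return "_" + secrets.token_hex(16)


def build_authn_request(request_id, issue_instant=None):
    """SP-initiated: the SP creates an AuthnRequest and remembers its ID."""
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_P}" xmlns:saml="{NS_A}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def redirect_binding_url(authn_request_xml, relay_state="/app/home"):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header
    deflated = compressor.compress(authn_request_xml.encode()) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state}
    return IDP_SSO_URL + "?" + urllib.parse.urlencode(params)


def decode_saml_request(url):
    """What the IdP does with the redirect: reverse the encoding above."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode()


def build_response(in_response_to=None, subject="alice@example.com"):
    """Constructed IdP Response. in_response_to=None models IdP-initiated
    (unsolicited) sign-in, which has no request to refer back to."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS_P}" xmlns:saml="{NS_A}" ID="{new_id()}" '
        f'Version="2.0" Destination="{SP_ACS_URL}"{irt}>'
        f'<saml:Assertion ID="{new_id()}" Version="2.0">'
        f'<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )


def sp_accept_response(response_xml, pending_request_ids, allow_idp_initiated=False):
    """The SP's assertion consumer logic. Returns (accepted, reason)."""
    root = ET.fromstring(response_xml)
    if root.get("Destination") != SP_ACS_URL:
        return False, "wrong Destination"
    irt = root.get("InResponseTo")
    if irt is None:
        # Nothing to correlate with: this is IdP-initiated sign-in.
        if allow_idp_initiated:
            return True, "idp-initiated"
        return False, "unsolicited response rejected"
    if irt not in pending_request_ids:
        return False, "unknown or already-used InResponseTo"
    pending_request_ids.discard(irt)  # one-time use: the same Response cannot be replayed
    return True, "sp-initiated"
```

In the SP-initiated case the SP can tie the response to a request it issued moments earlier and consume that request ID once; in the IdP-initiated case that check is simply not available, which is the practical reason to keep `allow_idp_initiated` off unless a customer explicitly needs it.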


So I was looking at this in a different way, because it doesn't change how the communication works. The initiation happens in the same way: from the client browsing towards the SP web service. The exception is active federation, where your application forwards your credentials through the SP, which then communicates with your IdP on your behalf.


I am Roy Apalnes, a Microsoft Cloud Evangelist working at Sopra Steria. My main focus is Microsoft Security and Endpoint Management, with the bigger picture in mind.
