This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 9%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
We can federate a domain on AAD and configure a third party SAMLP as described here https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp.
When doing IDP initiated SSO to AAD it's ignoring the relay state parameter in SAMLResponse sent to AAD hence user lands on office portal always.
If there a way we can set the relay state in the SAMLresponse so that the user lands on the app directly after SSO to AAD instead of landing on portal.
If we start the flow using user access url of the app then the user lands on app directly but its SP initiated flow wanted to know if its possible with IDP initiated flow
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 8%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Sorry, which third party SAMLP do you used?
I always get the error, AADSTS51004: The user account xxx does not exist in the yyy directory. To sign into this application, the account must be added to the directory.
We used Citrix gateway IDP, the sign in works fine to AAD but it ignores the relay state sent in assertion to it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 27%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEH%3C/text%3E%3C/svg%3E)
were you able to figure this out? Or was your conclusion the same: AAD/MIF as an intermediary to the O365 SP when you're using an upstream IdP doesn't support RelayState. It always lands at office.com