AAD B2C - SAML Service Provider [SP] - Difference between SP initated & idP initiated

Syed Palayathar 486 Reputation points

Dear Experts

I have recently successfully configured AAD B2C to authenticate Dynamics 365 portal using custom flows with multi-tenant AD and other identity providers. Now I am trying to use AAD B2C to authenticate web application that accepts SAML assertions. I followed this excellent article to successfully configure a test SAML application.

However, when I studied deeper about this, I encountered these questions.

1) What is the difference in SAML Service Provider between SP Initiated and IDP Initiated
2) How to implement IDP initiated workflow?. My understanding is that the above article is for SP Initiated flows. I found another article for IDP flow but it seems that it is pretty old and people are saying not to follow this.

3) Regarding the real application in question; at the moment that web application's is user creds are stored in a database. When the user accesses the app URL [from public internet], it prompts for credentials. It then checks against that database and provides appropriate access. We want to replace this with AAD B2C.
My understanding is that if I am going to implement SP initiated or IDP initiated flows, in either case, apart from configuring Azure AD B2C for issuing SAML assertions, my understanding is that the web application should also be configured [by developers] to accept SAML tokens from AAD B2C. Correct?

Thanks for your amazing support

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,635 questions
0 comments No comments
{count} votes