Provide true SSO in the case of federated SSO (eliminate login at external IDP)

BlackCat 86 Reputation points
2022-02-16T07:14:05.063+00:00

Scenario:

Partner users---IDP(A)----IDP(B)---SP--Internal users

Everything is working, but the partner requests to avoid logging in at their IDP and to have true SSO, like what they have with their internal apps. We are using the SP-initiated flow: IDP(B) redirects users to IDP(A) to get a SAML token, but users at IDP(A) do not want to log in.

Is there a solution? I can see using user certificates, but I want to avoid certificate management.

Thanks

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.

2 answers

  1. Pierre Audonnet - MSFT 10,181 Reputation points Microsoft Employee
    2022-02-17T19:04:20.387+00:00

    IDP(A) is authenticating the user. So IDP(A) has to take care of the SSO.

    What is IDP(A)? Is that AD FS? Ping? Azure AD? Is IDP(A) managed by the partners? Where are the actual accounts?

    And how are the partner users connected to IDP(A)? From a machine managed by the partner? F


  2. BlackCat 86 Reputation points
    2022-02-17T19:30:52.893+00:00

    IDP(A) is Shibboleth, managed by the partner. Users log in to their SSO portal, where they see an app icon integrated with their IDP.

    Thanks

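The point in the first answer (IDP(A) holds the session, so only IDP(A) can provide the SSO) has a concrete protocol consequence in the SP-initiated chain described in the question: the AuthnRequest that IDP(B) forwards to IDP(A) must not carry `ForceAuthn="true"`, otherwise IDP(A) is required by SAML 2.0 to re-authenticate the user even though a valid session exists from the partner's portal. The following is an added example, not code from the thread or from any of the products mentioned; the entity IDs and URLs are hypothetical placeholders. It builds an SP-initiated AuthnRequest, encodes it for the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode), decodes it back, and checks whether a forwarded request would break SSO at IDP(A):

```python
"""Build and inspect an SP-initiated SAML 2.0 AuthnRequest (HTTP-Redirect binding).

Added example for the federated-SSO chain discussed above; not code from the
original thread. Entity IDs and URLs are hypothetical. Standard library only.
"""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_authn_request(issuer, destination, acs_url, force_authn=False, is_passive=False):
    """Return an AuthnRequest as an XML string.

    ForceAuthn="true" tells the IdP to re-authenticate even when the user already
    holds a session there, which is exactly what defeats 'true SSO'. A proxy IdP
    (IDP(B) in the thread) forwarding to the upstream IdP should leave it off
    unless the SP explicitly asked for step-up authentication.
    """
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # SAML IDs must start with a letter or underscore
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    if force_authn:
        req.set("ForceAuthn", "true")
    if is_passive:
        # IsPassive asks the IdP to answer only from an existing session, never
        # showing a login page: a useful probe for "does the user have SSO here?"
        req.set("IsPassive", "true")
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    return ET.tostring(req, encoding="unicode")


def to_redirect_url(sso_url, xml_string, relay_state=None):
    """Encode per the HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # negative wbits = raw DEFLATE, no zlib header
    deflated = compressor.compress(xml_string.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return f"{sso_url}?{urlencode(params)}"


def decode_redirect_url(url):
    """Reverse the binding: URL-decode, base64-decode, raw-INFLATE; return the XML."""
    qs = parse_qs(urlparse(url).query)
    deflated = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(deflated, -15).decode("utf-8")


def forces_reauth(xml_string):
    """True if the request obliges the IdP to show a login page to a user who
    already has a valid session there (ForceAuthn set)."""
    root = ET.fromstring(xml_string)
    return root.get("ForceAuthn", "false").lower() in ("true", "1")


if __name__ == "__main__":
    # Hypothetical entities standing in for SP, IDP(B) and IDP(A) from the thread.
    request = build_authn_request(
        issuer="https://idp-b.example.test/metadata",
        destination="https://idp-a.example.test/idp/profile/SAML2/Redirect/SSO",
        acs_url="https://idp-b.example.test/acs",
    )
    url = to_redirect_url("https://idp-a.example.test/idp/profile/SAML2/Redirect/SSO", request)
    print("breaks SSO at IDP(A):", forces_reauth(decode_redirect_url(url)))
```

Run against a real redirect captured from the browser (the `SAMLRequest` parameter IDP(B) sends to IDP(A)), `decode_redirect_url` plus `forces_reauth` tells you whether the proxy is what is forcing the extra login; if it is not, the remaining session behaviour (timeouts, whether the portal login and the app login share the same IdP session) is configured on IDP(A) itself, as the first answer says.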
