This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 65%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Scenario:
Partner users---IDP(A)----IDP(B)---SP--Internal users
All is working, but partner request to avoid login at their IDP and having true SSO as what they are having with their internal apps. We are using SP_initiated, IDP(B) will redirect users to IDP(A) to get SAML token but users at IDP(A) does not want to login.
Is there a solution? I can see using user certificate, but I want to avoid certificate mangement
Thanks
IDP(A) is authenticated the user. So IDP(A) has to take care of the SSO.
What is IDP(A) is that AD FS? Ping? Azure AD? Is IDP(A) managed by the partners? Where are the actual accounts?
And how are the partners users connected to IDP(A)? From a machine a managed par the partner? F
IDP(A) is Shibboleth, managed by Partner. Users login to their SSO portal where they see app icon integrated with their IDP
Thanks