IdP Initiated Sign-on on Salesforce Enterprise Application vs Salesforce Sandbox

Joel Agustin 1 Reputation point

Need some help on configuring IdP-initiated SSO with enterprise applications, particularly with Salesforce. I cannot find any documentation that confirms the Sign On URL being a required field but the tip in the attached screenshot (Salesforce-App SSO Settings.png) is confusing. It says it's unnecessary for IdP-initiated but if I clear it, it throws an error message and I can't save the configuration.

If I create my own application (or Salesforce Sandbox) and enter the same Single Sign On Parameters, the Sign On URL is optional. And using this configuration I was able to do a real IdP-initiated sign on. Refer to attached (SalesforceSandbox-App SSO Settings.png).

Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,576 Reputation points

    Hello @Joel Agustin ,

    Thanks for reaching out.

    Salesforce Sandbox supports SP- and IdP-initiated SSO when installed through the Azure AD gallery, whereas Salesforce only supports SP-initiated SSO. Therefore, you must create a custom enterprise application, as shown below for Salesforce, so that the Sign on URL field becomes optional. I hope this was helpful.




    Salesforce sandbox:

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
