question

0 Votes
YashwanthReddyYenugu-2268 asked ·

How does IDP-initiated OpenID Connect SSO with an external IDP like Okta using Azure AD B2C work?

For SP initiated SSO

  • User navigates to the service provider, which initiates an OIDC request to B2C with nonce and state in URL parameters.

  • Based on the domainHint passed, B2C redirects the user to their IDP (Okta/Salesforce etc.)

  • Upon successful authentication, the user gets redirected to B2C with an id_token.

  • B2C creates the user in AD if it does not exist and redirects to the SP.

  • SP validates the response with the nonce received against the nonce generated while initiating SSO and logs in the user.

How about IDP initiated SSO?

My Understanding

  • After successful authentication to the IDP, the user clicks on the connected app, which redirects him to the SP login URL.

  • SP initiated flow starts from here.

Is my understanding correct?

This is how IDP-initiated SAML SSO works (without B2C):
After successful authentication to the IDP, the user clicks on the connected app, which sends the SAML response to the ACS URL configured in the SP.

How does OpenID IDP-initiated SSO work using Azure AD B2C?

azure-ad-b2c
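
The state and nonce check from the SP-initiated steps in the question, as an added example that is not part of the original question or answer: it shows why a response the SP did not request (no matching state) is rejected. The endpoint URL, client-free query, HMAC demo key and all function names are assumptions; B2C signs id_tokens with RS256 keys from its JWKS document, and issuer, audience and expiry checks are left out here.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Constructed stand-ins so the example runs offline (not real B2C values).
DEMO_KEY = b"constructed-demo-key"               # replaces B2C's RS256 signing key
AUTHORIZE_URL = "https://b2c.example/authorize"  # placeholder endpoint

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict) -> str:
    """Play the role of B2C for the demo: issue a signed token."""
    body = _b64(json.dumps({"alg": "HS256"}).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def begin_login(session: dict, domain_hint: str) -> str:
    """SP first step: mint state and nonce, remember them, build the redirect."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    session["pending"] = {state: nonce}
    query = {"response_type": "id_token", "scope": "openid", "state": state,
             "nonce": nonce, "domain_hint": domain_hint}
    return AUTHORIZE_URL + "?" + urlencode(query)

def handle_callback(session: dict, state: str, id_token: str) -> dict:
    """SP last step: accept the token only if it answers a request we started."""
    # pop() makes each state single-use, so a replayed callback also fails here.
    expected_nonce = session.get("pending", {}).pop(state, None)
    if expected_nonce is None:
        raise ValueError("unsolicited response: no login in progress for this state")
    body, _, sig = id_token.rpartition(".")
    good = hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body.split(".")[1]))
    got_nonce = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(got_nonce, expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```
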

1 Answer

0 Votes
amanpreetsingh-msft answered ·

@YashwanthReddyYenugu-2268,

In simpler terms:

SP initiated: User accesses the application. The application constructs the request (in most cases by using MSAL) and redirects the user to B2C.

IDP initiated: User directly goes to the IDP authentication endpoint and then accesses the desired federated application by providing required parameters, such as client_id, state, scope etc. In case of B2C, you can do the IDP initiated authentication by using the "Run User Flow" link.


Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.


Hi @YashwanthReddyYenugu-2268

Please let us know if this reply helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can more easily find a solution.
