We are exploring component space SAML for single sign on requirement. We have an issue with multi tenancy login.we have 2 service providers like OKTA,One login. We are following SP Initiated SSO. We have a scenario like if SP1 is logged in one window, if we tried to open SP2 in new window it should navigate to the IdP page instead of logging in automatically.please let us know whether this is posiible or not,if so how we can implement. We followed the below steps: 1. I'm logged into OKTA. Then on a same browser new window, I try to login to 1Login. 1Login logs me in under the same user(Okta user) automatically.
Hi Shwetha This is controlled by your application and how it handles authenticated user sessions. Normally once a user has logged in an authentication cookie is set. If you open a separate browser window to the same application, you won’t have to login as the browser will send the authentication cookie to the application. Usually with SAML SSO, this is what you want to happen at the IdP. Each time you receive a SAML authn request from an SP, if the user is already authenticated at the IdP, you simply return a SAML response without requiring another login. However, your application has control of this. Sometimes the SAML authn request includes a ForceAuthn flag. We return this to you in the SSOptions. If this flag is set the IdP should force the user to authenticate even if they’re already done so. Otherwise, your application can decide to force the user to login each time a SAML authn request is received. Our SAML API doesn’t control user authentication. It’s really up to you how you wish to handle user authentication at the IdP.