SP- versus IdP-initiated sessions
Medallia Experience Cloud servers are service providers (SP). When a user connects to Experience Cloud , the application asks the identity provider (IdP) to verify the user's account. The IdP may require the user to first sign in to the IdP application. Once the IdP has authenticated the account, the user is permitted to access the application. This form of SSO verification is known as SP-initiated authentication.
Some companies provide an alternative called IdP-initiated-authentication where the user first signs in to the IdP application, and then clicks an IdP-hosted link to access the Experience Cloud application (the SP). When the user clicks the link, the IdP passes the user's authentication to the SP while redirecting the user to the application.
The main differences between the two forms are
IdP-initiated always sends all users to the same fixed URL.
When using SP-initiated the user can access a specific screen in the instance, and is redirected to that location after authentication.
SAML SSO deep-link authentication is a variation of IdP-initiated authentication that allows different users to access different Experience Cloud applications: all users do not go to the same fixed URL.