What is IDP Push

An IDP Push is an Identity Provider initiated Single Sign-On. 

Where the normal authentication flow is initiated by an Authentication Request from the Service Provider, this is the opposite. The authentication starts by the Identity Provider, who provides an Assertion. 

The assertion may or may not contain a relayState or redirect_uri (the Service Provider to which the assertion is to be presented). 

When IDHub receives an IDP-initiated assertion and it does not contain a relayState/redirect_uri and cannot be linked to an SP request, the user will be directed to the Application Catalog.


This is an endpoint that can be used to trigger an "IDP push" from IDhub to a SAML Service Provider.

Endpoint:  GET idhub/authenticate/push


  • entityId (required)
  • relayState (optional)
  • authenticationContext (optional)
  • comparison (optional)
  • forceAuthentication (optional)

It is possible that the relayState parameter is used to indicate to the SAML SP what URL the user has to be redirected.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.