In an AD FS-federated configuration, the authentication flow differs depending on where the user initiates the login request. This guide differentiates between IdP-initiated and SP-initiated login requests.

This guide uses the following terminology to refer to the origin of an authentication request:

  • An identity provider-initiated (IdP-initiated) flow occurs when the user attempts to log in to an application from the Workspace ONE portal.
  • A service provider-initiated (SP-initiated) flow occurs when the user attempts to log in to an application directly from the application's sign-in portal (for example, portal.office.com for Office 365).

Your configuration can support both IdP-initiated and SP-initiated authentication flows. To support each type of authentication flow, you must configure certain settings, such as access policies in VMware Workspace ONE Access.