Enable IdP-initiated SSO login for Entra ID


In Opti ID, you can configure identity provider (IdP)-initiated login. This lets users log in to Opti ID with your organization's single sign-on (SSO) without having to re-enter their email on the Opti ID login page (https://login.optimizely.com) or re-authenticate if they are already logged in.

After you configure the IdP-initiated login, users who are already logged in with your organization's SSO provider when they navigate to Opti ID are redirected to the Opti ID home dashboard (https://home.optimizely.com) without needing to log in again. This provides a more seamless login experience to Optimizely.

If you have a Security Assertion Markup Language (SAML) SSO integration with Opti ID and Entra ID, you do not need to do anything. SAML Entra ID applications use the user access URL from the application properties to automatically sign in to the application.

Prerequisites

  • Microsoft Entra ID account with an active subscription
  • One of the following Entra ID roles:
    • Cloud Application Administrator
    • Application Administrator
    • Owner of the Service Principal
  • SSO configured with Opti ID

Configure IdP-initiated SSO login

These instructions are only for OpenID Connect (OIDC) SSO integrations with Opti ID and Entra ID. You do not need to do any additional configuration for SAML SSO integrations with Opti ID and Entra ID.

If you have multiple SSO connections that you want to configure this for, repeat these instructions for each SSO connection. If you remove and recreate an SSO connection that already has IdP-initiated login configured, you must update the IdP-initiated URL in your IdP.

Copy your IdP-initiated URL from Opti ID

  1. Go to Settings > SSO in the Opti ID Admin Center.
  2. Select the SSO connection for which you want to configure the IdP-initiated SSO login.
  3. Copy the IDP-Initiated URL.

Add the IdP-initiated URL in Entra ID

If you have an OIDC SSO integration with Opti ID and Entra ID, complete the following steps to configure the IdP-initiated SSO login.

  1. Go to Identity > Applications > Enterprise applications > All applications in the Entra ID admin center.
  2. Search for and select your OIDC SSO application for Opti ID.
  3. Go to Single sign-on > Linked.
  4. Enter the IdP-initiated URL you copied from the Opti ID Admin Center in the Sign on URL field.
  5. Click Save.

Microsoft My Apps portal

After you complete this configuration and ensure your app is set as visible, it displays in the Microsoft My Apps portal to all users or groups you have assigned it to.

When users click the Opti ID application tile, they automatically authenticate with Opti ID and are redirected to the Opti ID home dashboard.

For information on the Microsoft My Apps portal, see Microsoft's documentation: