SAML flows
Principals or users may try to access an application from one of the following flows:
Identity provider (IdP) flow: The principal launches applications to the service provider (SP) resource. In EAA, this happens from the EAA Login Portal after a user has authenticated. When the user clicks on an application icon, a SAML assertion (authentication) is sent over to the SP Assertion Consumer Service (ACS) and the user is signed into the service without needing to provide credentials again.

Service Provider
(SP) flow: SP flows are dependent on the target application. Generally,
the SP flow is:
- From a browser the principal attempts to go directly to the web resource without authenticating.
- The principal is redirected to the IdP to authenticate.
- Once authenticated the principal is redirected back to the web resource.

Next steps: Add a new identity provider