Principals or users may try to access an application from one of the following flows:
Identity provider (IdP) flow: The principal launches applications to the service provider (SP) resource. In EAA, this happens from the EAA Login Portal after a user has authenticated. When the user clicks on an application icon, a SAML assertion (authentication) is sent over to the SP Assertion Consumer Service (ACS) and the user is signed into the service without needing to provide credentials again.
- From a browser the principal attempts to go directly to the web resource without authenticating.
- The principal is redirected to the IdP to authenticate.
- Once authenticated the principal is redirected back to the web resource.
Next steps: Add a new identity provider