An IdP-initiated connection makes it possible to log in to a service provider that was not the one that initially made an authentication request. In other words, the user logs in to a service provider starting from the identity provider.
To set up an IdP-initiated connection, click the SAML 2.0 button under the Tools group in the Connections list.
This will immediately set up a connection, as shown below.
The connection that was set up will be called “Identify runtime connection,” as shown below.
This connection will then be available as a separate URL that can be contacted to carry out IdP-initiated login.
The typical site to contact is
When contacting this URL, the user will see the following page:
There really is no difference between signing on to the site and signing on to one of the sites in the drop-down list. When signing on to the site, the user will just be shown the list of sites anyway. After choosing a site, the user will then be redirected to that site as an authenticated user.