> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

> Overview of Single Sign-on (SSO) initiated by a Service Provider (SP).

# Service-Provider-Initiated Single Sign-On

For Service-Provider-initiated <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one applicaton, automatically logs that user in to other applications." cta="View Glossary" href="/docs/glossary?term=Single+Sign-On">Single Sign-On</Tooltip> (SSO) implementations, Auth0 is the SSO Service Provider (SP). When a user logs in to an application:

1. The application presents the user with one or more external Identity Providers (IdPs).
2. The user selects an IdP to authenticate with and logs in.
3. Upon successful authentication, the user is returned to the application with an active session.

SP-initiated SSO in Auth0 is handled by connections.

## Auth0 SSO sessions vs. application sessions

When users log in, various [session layers](/docs/manage-users/sessions/session-layers) can be created. For SP-initiated SSO implementations, it's important to understand that the SSO experience is made possible by the Auth0 Session Layer, which is stored centrally on the <Tooltip tip="Authorization Server: Centralized server that contributes to defining the boundaries of a user’s access. For example, your authorization server can control the data, tasks, and features available to a user." cta="View Glossary" href="/docs/glossary?term=Authorization+Server">Authorization Server</Tooltip>. Leveraging this session layer, users can easily authenticate to different applications, each of which may have its own application session to track whether the user is logged in to it specifically.

## Build your own implementations

### OIDC/OAuth

* Social <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=Identity+Providers">Identity Providers</Tooltip>
* Add a generic OAuth2 Authorization Server to Auth0
* [Auth0 Marketplace](https://marketplace.auth0.com/)

### SAML

* Auth0 provides instructions to configure the following <Tooltip tip="Security Assertion Markup Language (SAML): Standardized protocol allowing two parties to exchange authentication information without a password." cta="View Glossary" href="/docs/glossary?term=SAML">SAML</Tooltip> IdPs with Auth0:

  * [Okta](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-okta-as-saml-identity-provider)
  * [OneLogin](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-onelogin-as-saml-identity-provider)
  * [PingFederate 7](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-pingfederate-as-saml-identity-provider)
  * [Salesforce](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-salesforce-as-saml-identity-provider)
  * [SiteMinder](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-siteminder-as-saml-identity-provider)
  * [SSOCircle](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider/configure-ssocircle-as-saml-identity-provider)
* We also provide generic instructions to [configure Auth0 as a SAML service provider](/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider).
* [Configure Identity-Provider-Initiated Single Sign-On](/docs/authenticate/protocols/saml/saml-sso-integrations/identity-provider-initiated-single-sign-on)

## Limitations

* Native applications can only use [Universal Login](/docs/authenticate/login/auth0-universal-login).
* <Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OpenID">OpenID</Tooltip> Connect (OIDC) does not support IdP-initiated SSO.

## Learn more

* [Identity-Provider-Initiated Single Sign-On](/docs/authenticate/single-sign-on/outbound-single-sign-on)
* [API Endpoints for Single Sign-On](/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on)