I'm setting up an SSO solution using Azure AD and the IdP, using SAML2 token Authentication.
Our Service providers are both on premise and off premise applications. Although I understand the principles of SSO in these environments, I need clarity around SP Initiated SSO.
When an end user, who is working from home using their personal PC, tries to access an off site application via a URL, how does the SP recognize or identify which IdP it should redirect their browser to for validation?