Hello Kevin,
If the authentication flow is configured to automatically reroute to the identity provider (IdP), a user can use their credentials to log into a particular application (service provider, SP). Usually, Single Sign-On (SSO) protocols like OAuth 2.0/OpenID Connect or SAML (Security Assertion Markup Language) are used for this.
Allow me to describe the flow to you:
1. The user attempts to use one of the SP's apps or services.
2. The SP will send the user to the Identity Provider (IdP) for authentication if they haven't been authenticated yet or if their session has ended.
3. The user is directed to the IdP's login page by the SP, frequently containing details about the service they are attempting to access.
4. The user gives the IdP their login information if they haven't already. Depending on the IdP setup, this step can be omitted if they are already logged in.
5. Following successful authentication, the SP verifies the authentication token that the IdP sent back to it (such as an OAuth token, SAML assertion, or ID token in OpenID Connect).
6. The user is given access to the app or service when the SP validates the token and validates the user's identity.
Therefore, if the user is already authorized, they don't need to explicitly log in again because the redirection to the IdP occurs automatically during this procedure. The user can enjoy a smooth SSO experience thanks to this procedure.
Yes, it is also typical for the authentication procedure to begin with the SP automatically rerouting to the IdP without any user intervention. For instance, if a user is trying to visit an app that has an IdP for SSO, they are usually sent to the IdP right away, presuming they haven't already been authorized.
Register an application in Entra ID
Single-sign-on
I hope this clarifies things. Please contact us if you have any additional questions.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And if you have any further queries, do let us know.
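The SP side of the flow described in the answer above (the automatic redirect to the IdP, then the checks on the returned ID token), as an added example that is not part of the original answer or any vendor's code. The issuer `https://idp.example`, client `sp-app`, callback URL and shared secret are constructed, and the token is signed with HS256 so the block runs on the standard library alone; `sign_id_token` is a hypothetical stand-in for the IdP, and an IdP that signs with asymmetric keys would need a JWT library and its published keys instead.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Constructed values for illustration only (hypothetical IdP, client and secret).
ISSUER = "https://idp.example"
CLIENT_ID = "sp-app"
CLIENT_SECRET = b"constructed-demo-secret"

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def start_login(session: dict) -> str:
    """SP: the user has no valid session, so build the automatic redirect to the IdP."""
    session["state"] = secrets.token_urlsafe(16)  # ties the IdP response to this browser session
    session["nonce"] = secrets.token_urlsafe(16)  # ties the ID token to this login request
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID, "scope": "openid",
                       "redirect_uri": "https://sp.example/callback",
                       "state": session["state"], "nonce": session["nonce"]})
    return f"{ISSUER}/authorize?{query}"

def sign_id_token(claims: dict) -> str:
    """Stand-in for the IdP, used only to produce sample tokens for this demo."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def validate_id_token(token: str, session: dict, returned_state: str) -> dict:
    """SP: checks made on the IdP's response before the user is given access."""
    if not session.get("state") or returned_state != session["state"]:
        raise ValueError("state mismatch")
    head, body, sig = token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "HS256":  # pin the algorithm the SP expects
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    if not session.get("nonce") or claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch")
    return claims
```

Each rejected case corresponds to a token the SP must not accept even though the user "came back from the IdP": a response for another session, a token minted for a different application, an expired token, or a replayed one.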