IDP-initiated login


Is the following workflow supported by Keycloak:

  1. Log in to my identity provider (like Ping, Okta, Azure AD, etc.)
  2. Click on the app that my admin has created
  3. Clicking on the app should SSO the user to Keycloak (where I have created an Identity Provider)

I have an OIDC client created in Keycloak for my Angular application. The goal is that, on clicking the application (in the Okta IDP), the user should be SSO’ed to Keycloak (have a Keycloak session created) and then also be logged on to my Angular application. Is there any documentation that describes the steps to set up such a workflow?

What I have found so far is SP-initiated login, where the user first visits the Angular app, then clicks on ‘Login with IDP’ (Okta in this case). The browser redirects to the IDP, the user authenticates and is then redirected back to the Angular application with an active session.