Skip to main content

What is the difference between SP- and IdP-Initiated SSO?


Procore supports both SP- and IdP-initiated SSO:

  • Identity Provider Initiated (IdP-initiated) SSO. With this option, your end users can log into your Identity Provider's SSO page (e.g. Okta, OneLogin, or Microsoft Azure AD) and then click a Procore enterprise application tile to log in using SSO and open the Procore web application. They are also able to log in directly through the Procore login page with a username and password.
  • Service Provider Initiated (SP-initiated) SSO. Referred to as Procore-initiated SSO, this option gives your end users the ability to sign into the Procore Login page and then sends an authorization request to the Identify Provider (e.g. Okta, OneLogin, or Microsoft Azure AD). Once the IdP authenticates the user's identify, the user is logged into Procore. They are also able to log in from your IdP's SSO page by clicking a Procore enterprise application tile.

See Also