Customer Login Using an IdP-initiated SSO
IdP-initiated SSO for customers occurs when single sign-on is enabled for customers logging in to your customer portal.
This flow diagram shows the process of a customer accessing the customer portal with an IdP-initiated SSO.

- A customer enters a user name and password to log in to an identity provider. When the identity provider verifies the information, the customer is logged in.
- The identity provider displays a list of service providers, including your customer portal, that the customer can connect to.
- The customer selects the customer portal.
- The identity provider generates a signed SAML 2.0 assertion using the customer’s email address, contact record ID, login name, or a contact custom field as the assertion subject. See Considerations When Using Single Sign-on.
Note: The assertion must be signed using XML Signature Syntax and Processing. If the certificate used to sign the assertion is self-signed, it must be uploaded to the Additional Root Certificates (certs/root) directory in the File Manager. See Certificate Validation Options. The certificate must also be listed in the SAML_20_SIGN_CERTS configuration setting or it will not be accepted for SAML signing. See Define Single Sign-on Configuration Settings.
- The identity provider then submits the assertion, using HTTP POST binding (the only binding method supported), to the openlogin controller at http://your_site.custhelp.com/ci/openlogin/saml. This controller calls the SSO validation and logs in the customer.
- B2C Service decodes the assertion, validates the customer by confirming that the assertion matches a contact record in the database, and logs the customer in on your Support Home page. (A redirect parameter can specify that a different page opens instead. See How You Redirect Contacts After Login.)
Contact records cannot be created through the SSO process, so only existing customers can be logged in. (The public API can be used to create or update contacts if necessary.)
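
The conditions in the steps above (a signed assertion, a signing certificate that is explicitly trusted, and a subject that matches an existing contact) can be rehearsed against your identity provider's output before it is posted. This is an added example, not Oracle's code: `preflight`, the fingerprint allowlist (a stand-in for the role SAML_20_SIGN_CERTS plays) and the contact set are assumptions, and the sample response is constructed. It inspects structure only and does not verify the XML signature cryptographically.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAMPLE_CERT = b"constructed-der-bytes"  # placeholder, not a real certificate

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def preflight(saml_response_b64, trusted_fingerprints, known_contacts):
    """Return a list of problems; an empty list means the structural checks pass."""
    problems = []
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element"]
    # The assertion itself must carry the signature (direct child), and the
    # embedded certificate must be one that was explicitly trusted beforehand.
    sig = assertion.find("ds:Signature", NS)
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if sig is not None else None
    if sig is None:
        problems.append("assertion is not signed")
    elif cert is None or not (cert.text or "").strip():
        problems.append("signature carries no X509Certificate")
    elif fingerprint(base64.b64decode("".join(cert.text.split()))) not in trusted_fingerprints:
        problems.append("signing certificate is not in the trusted list")
    # SSO cannot create contacts, so the subject must already exist.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    subject = (name_id.text or "").strip() if name_id is not None else ""
    if not subject:
        problems.append("assertion has no subject NameID")
    elif subject not in known_contacts:
        problems.append("subject does not match an existing contact")
    return problems

def sample_response(subject, cert_der=SAMPLE_CERT, signed=True):
    """Build a constructed SAMLResponse form value with a placeholder signature."""
    sig = ""
    if signed:
        sig = ('<ds:Signature xmlns:ds="%s"><ds:SignatureValue>AAAA</ds:SignatureValue>'
               '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>'
               '</ds:X509Data></ds:KeyInfo></ds:Signature>'
               % (NS["ds"], base64.b64encode(cert_der).decode()))
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>%s'
           '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>'
           '</saml:Assertion></samlp:Response>' % (NS["samlp"], NS["saml"], sig, subject))
    return base64.b64encode(xml.encode()).decode()
```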