Skip to main content

What is the difference between SP- and IdP-Initiated SSO?


Procore supports both SP- and IdP-initiated SSO:

  • Identity Provider Initiated (IdP-initiated) SSO. With this option, your end users can log into your Identity Provider's SSO page (e.g. Okta, OneLogin or Microsoft Azure AD) and then click a Procore enterprise application tile to log in using SSO and open the Procore web application. They are also able to log in directly through the Procore login page with a username and password.
  • Service Provider Initiated (SP-initiated) SSO. Referred to as Procore-initiated SSO, this option gives your end users the ability to sign into the Procore Login page and then sends an authorisation request to the Identify Provider (e.g. Okta, OneLogin or Microsoft Azure AD). Once the IdP authenticates the user's identify, the user is logged into Procore. They are also able to log in from your IdP's SSO page by clicking a Procore enterprise application tile.

See Also