> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Initiate SAML login (explicit connection) > Start an SP-initiated SAML SSO flow for an explicit `(provider_id, connection_id)` pair. On success, returns the IdP URL the SDK navigates the user to. ## OpenAPI ````yaml get /v1/session/login/saml/{provider_id}/{connection_id}/initiate openapi: 3.1.1 info: title: Prelude Auth Frontend API version: 0.0.1 description: The Prelude Frontend API for Authentication and Session Management contact: email: support@prelude.so servers: - url: https://{appId}.session.prelude.dev description: Production server variables: appId: default: changeme description: The appID security: [] tags: - name: Login OTP description: Login and step-up via OTP (phone or email) - name: Login Email Password description: Login via email and password - name: Login OAuth description: Login via OAuth providers - name: Login SAML description: Login via SAML 2.0 SSO connections (Okta, Google Workspace) - name: Login Finalize description: Finalize a login flow and create a session - name: Login Migration description: Migrate sessions from a legacy authentication system - name: Session description: Session refresh and revocation - name: Session Management description: Authenticated session and identifier management - name: Step-Up description: Step-up authentication flow - name: Well-Known description: Public key discovery endpoints - name: Password description: Password compliancy and change password - name: Passkey Login description: >- Primary-factor (passwordless) sign-in via WebAuthn discoverable credentials - name: Passkey Management description: >- Register / list / rename / delete the authenticated user's passkey credentials paths: /v1/session/login/saml/{provider_id}/{connection_id}/initiate: get: tags: - Login SAML summary: Initiate SAML login (explicit connection) description: | Start an SP-initiated SAML SSO flow for an explicit `(provider_id, connection_id)` pair. On success, returns the IdP URL the SDK navigates the user to. operationId: samlInitiate parameters: - $ref: '#/components/parameters/samlProviderIDParam' - $ref: '#/components/parameters/samlConnectionIDParam' - name: redirect_uri in: query schema: type: string examples: - https://app.acme.com/callback description: | URI to redirect to after authentication. Must be allowlisted for the app. Falls back to the connection's `default_redirect_uri` when omitted. - name: code_challenge in: query schema: type: string examples: - E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM description: PKCE code challenge (S256) bound to the eventual login finalize. - name: dispatch_id in: query schema: type: string examples: - 123e4567-e89b-12d3-a456-426614174000 description: The identifier of the dispatch from the front-end SDK. responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/SAMLInitiateResponse' '400': description: Bad Request content: application/json: schema: oneOf: - $ref: '#/components/schemas/BadRequestError' - $ref: '#/components/schemas/InvalidRedirectURIError' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/SAMLConnectionDisabledError' '404': description: Not Found content: application/json: schema: $ref: '#/components/schemas/SAMLConnectionNotConfiguredError' '500': description: Internal Error content: application/json: schema: $ref: '#/components/schemas/InternalError' components: parameters: samlProviderIDParam: name: provider_id in: path required: true schema: type: string examples: - okta - google description: The SAML provider identifier (`okta` or `google`). samlConnectionIDParam: name: connection_id in: path required: true schema: type: string examples: - samlc_01jqebhswje1ka1z7ahr9rfsgt description: The SAML connection identifier (prefixed with `samlc_`). schemas: SAMLInitiateResponse: type: object properties: redirect_url: type: string description: The Identity Provider URL to redirect the user to. examples: - >- https://acme.okta.com/app/abc/sso/saml?SAMLRequest=...&RelayState=... required: - redirect_url BadRequestError: type: object properties: code: type: string enum: - bad_request type: type: string enum: - bad_request InvalidRedirectURIError: type: object properties: code: type: string enum: - invalid_redirect_uri type: type: string enum: - bad_request SAMLConnectionDisabledError: type: object description: The SAML connection exists but is disabled. properties: code: type: string enum: - saml_connection_disabled type: type: string enum: - forbidden SAMLConnectionNotConfiguredError: type: object description: No SAML connection exists for the given `(provider_id, connection_id)`. properties: code: type: string enum: - saml_connection_not_configured type: type: string enum: - not_found InternalError: type: object properties: code: type: string enum: - internal type: type: string enum: - internal ````