What is considered an "Identity Provider Initiated" login to an application?

 An “Identity Provider Initiated” login refers to a scenario where the authentication process begins at the identity provider rather than the service provider. In the context of CyberArk Defender Access, this occurs when a user first signs into the CyberArk Identity portal and then initiates access to an application by clicking on a SAML app tile. This process ensures that the user is authenticated through CyberArk Identity before being granted access to the application, thus providing a secure single sign-on (SSO) experience.

References: The explanation is based on the standard practices of SSO and the specific workflow of CyberArk Identity as an identity provider, which is documented in CyberArk’s official resources123.