Hi,

We have two identity providers created in our systems for SAML2 SSO due to having multiple domains in our business landscape. The business does not like the idea of a landing page to manually select idp and the due to the number of workflow emails being generated it is not straightforward to rewrite all the config to specify different links for different domains (so that the idp can added to the URL).

So, we'd like to use Common Domain Cookie to select the idp. The IDP is Azure AD based application. Is it the Azure application that needs to write the cookie? What needs to be in the cookie? does anyone have any experience they can share on this as googling CDC and Azure seems to provide nothing.

Does the enduser have to access SAP only via the published Azure AD application, or will the CDC still be valid if they just SSO by typing the URL in the browser. So many quesions...

Thanks in Advance

Ben