The state
you provided when getting a SAML initiation URL, if any.
If your user logged in to your product using Identity Provider-initiated SAML (e.g. they clicked on your app inside
their corporate Okta dashboard), then state
will be empty.
SSOReady validates the authenticity of non-empty state
values. You do not need to implement your own CSRF on top
of it, but doing so anyway will have no bad consequences.
Arbitrary key-value pairs the Identity Provider included about the user.
Typically, these attributes
are used to pass along the user’s first/last name, or whether they should be
considered an admin within their company.
The externalId
, if any, of the organization this user belongs to.
A unique identifier of this particular SAML login. It is not a secret. You can safely log it.
SSOReady maintains an audit log of every SAML login. Use this SAML flow ID to find this login in the audit logs.