We recently started using the Certification module in our SailPoint IdentityNow tenant. Overall, things are working well, but we’ve run into one issue:
When managers receive certification emails and click the link, they are often redirected to the IdentityNow dashboard instead of the intended Certification campaign page. If they click the same link again (after being logged in), they are then routed correctly to the campaign.
Question:
Does IdentityNow support deep links or redirect URLs that preserve the target page through the SSO login process?
Yes, It (IDN/ISC) can take users into certifications after federating with an IdP, but deep-link preservation through SSO depends on RelayState being preserved end-to-end by the IdP, and not overridden by a default landing setting)
Please check the following
Open browser private mode and make sure there no active session
Click the certification email link.
Use a SAML tracer (or browser dev tools) and check:
Does the AuthnRequest include a RelayState pointing to the campaign URL?
Does the SAML response return the same RelayState back?
If RelayState is missing/changed (e.g. “/” or home), the IdP is overriding it.
Check also your Idp setting overall
Unfortunately, the HAR file, auth logs, generated by clicking the link are pretty expansive, over 120,000 lines of data. So, I’m not really sure where to start.
I do see RelayState mentioned many times in this log, but it appears to be a token, rather than a URL. When I look at the original link, which routs to safelinks through Outlook, I don’t see RelayState called out there.
When I get authenticated through Microsoft and sent back to SailPoint, I’m sent to the following link: