We have enabled “Enable SAML Based Single Sign-On (SSO)”.
SSO is working as expected. However, when the session expires on the last open page, it redirects back to the home page, and the page on which the session expired becomes inaccessible until the browser cache is cleared.
Steps to reproduce the issue:
1. Log in using SSO
2. Open any page, such as Task, Debug, Identity Warehouse
3. Wait for the session to expire on the same page
4. Refresh the page → SSO redirects to the home page
5. Try opening the last page on which the session expired → SSO redirects back to the home page
The page on which the session last expired becomes inaccessible, and Entra ID keeps redirecting to the home page.
I'm able to resolve this manually by:
Clearing the browser cache and logging in again, after which all pages are accessible.
Enable redirect to login on session timeout in “identityiq\WEB-INF\web.xml”:
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
Root Cause: When you enable “Enable SAML Based Single Sign-On (SSO)” in SailPoint IIQ, IIQ relies on both:
- IIQ HTTP session (JSESSIONID)
- SAML session with Entra ID (Azure AD)
Here’s the problem flow in your case:
1. User logs in via SSO → everything works
2. User opens a deep link page (Task / Debug / Identity Warehouse etc.)
3. IIQ session expires, but Entra ID session is still valid
4. User refreshes the page:
   - IIQ says: “Session expired → redirect to SAML login”
   - Entra ID says: “User already authenticated”
   - Entra ID sends user back to IIQ
   - IIQ cannot restore the original deep-link URL
   - IIQ falls back to home page
The expired deep-link URL gets stuck
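The flow above as an added illustration (not SailPoint code and not part of the original posts): a toy service provider whose 30-minute session is independent of the IdP session, showing the home-page fallback and, going beyond the thread, how a deep link carried in the standard SAML RelayState parameter can be restored once it is validated as a local path. The context path, page paths, and the `ServiceProvider` and `safe_return_path` names are assumptions.

```python
from urllib.parse import urlsplit

APP_CONTEXT = "/identityiq"        # assumed context path
HOME = APP_CONTEXT + "/home.jsf"   # assumed landing page (constructed)

def safe_return_path(relay_state, default=HOME):
    """Return relay_state only if it is a local path inside the app, else default."""
    if not relay_state or any(c in relay_state for c in "\\\r\n\t"):
        return default
    parts = urlsplit(relay_state)
    # Absolute and scheme-relative URLs would turn the SSO return into an open redirect.
    if parts.scheme or parts.netloc or relay_state.startswith("//"):
        return default
    segments = parts.path.split("/")
    if not parts.path.startswith(APP_CONTEXT + "/") or ".." in segments:
        return default
    return relay_state

class ServiceProvider:
    """Toy SP: its session timeout runs independently of the IdP session."""

    def __init__(self, timeout_min, keep_deep_link):
        self.timeout = timeout_min * 60
        self.keep_deep_link = keep_deep_link
        self.last_seen = None          # None means no SP session yet

    def request(self, path, now, idp_session_valid=True):
        """Return the page the browser lands on after any SSO round trip."""
        if self.last_seen is not None and now - self.last_seen <= self.timeout:
            self.last_seen = now
            return path                # SP session still alive: serve the page
        if not idp_session_valid:
            return "IDP_LOGIN_FORM"    # user has to authenticate interactively
        # SP session expired but IdP session valid: silent round trip.
        relay_state = path if self.keep_deep_link else None
        self.last_seen = now           # assertion accepted, new SP session
        return safe_return_path(relay_state)
```
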