SAP Knowledge Base Article - Public

3160963 - SAML - Which link will be used for the SPI


We always use the SAML login-page on our side, but now we want to send direct links to specific diagrams to our colleagues or spread the link on our intranet. Which link-structure do we have to use?


You have to activate the checkbox for the service provider initiated authentication in the beginning (Explorer - Setup - Manage Collaboration Hub authentication).

The next steps depend on your SAML-server:


  • Please execute following PowerShell command (as an administrator) on your ADFS:

    Get-AdfsRelyingPartyTrust -Identifier ""

  • Search for the line "SignedSamlRequestsRequired" and check the value
  • If the value is "False", continue with the steps for the other system (see below)
  • If the value is "True", you have two options
    • Option 1:
      • You can change the value to "False" with following command:

        Set-AdfsRelyingPartyTrust -TargetIdentifier "" -SignedSamlRequestsRequired $false 

      • Continue with the steps for the other system (see below)
    • Option 2:
      • Get in contact with the Signavio Support (They will send you a new certificate, which has to be changed in the RelyingTrustParty and they will change something in the background of your workspace).

other system (e.g. Okta, Google, SAP)

  • You can use two links for the SPI-Login:<WorkspaceID>

You can find your Workspace ID under the "Workspace information" in the Help-menu.<ModelID>

→ Suggestion: replace the ModelID-parameter with the ID of your entry Point

Please note that customer of who are using the US or Australian infrastructure have to use or


KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To


SAP Signavio Process Manager all versions ; Signavio Process Manager all versions