Not seeing any documentation on Requestable SSO URLs, so looking to better understand them:
I have multi-tenant application which (in a particular case) uses the SAME entityid, with the same IdP. Multiple tenancy is determined by domain name, for example 'abc.example.com', and 'xyz.example.com'
I want my SSO URLs to differ (i.e., use different domain names) depending on which tenant is making the request. If request originates from 'abc.example.com', my SSO URL is 'https://abc.example.com/saml/sso'
It appears I can do this by setting:
'Audience Restriction' to be my entity id, 'example.com',
SSO URL to 'https://abc.example.com/sam/sso',
enable "Allow this app to request other SSO URLs"
add to Requestable SSO URLs, 'https://xyz.example.com/saml/sso'
Then in my request, I set entitiy id to 'example.com' -- for both of my domains -- and set service.sp.endpoints.assertion_consumer_service to 'https://abc.example.com/saml/sso' for one domain, and 'https://xyz.example.com/saml/sso' for the other domain.
While each of the two requestable SSO URLs must have different index values, it does not appear I need to do anything about specifying and index in the request. Right?
What is the purpose of the Index? For IdP-initiated login, how does IdP / Okta "know" which URL to use by default?