Hey Tien - Since responding to this question, I've gained more context and I think I should elaborate on my response: Okta supports the passive federation flow for SAML authentication by default, which describes the SP-initiated SAML SSO flow. I've since learned that you're asking if Okta currently respects the isPassive flag in the SAML Assertion metadata. The desired behavior is that the IDP (Okta) to redirect back to the SP without prompting the end user for credentials, if a session is not currently established. The end user would then log in directly to the application on the SP side. Okta does nto currently honor this flag. Sorry for the confusion.