Why do I see that the IDP Initiation of the connection fails with "You may have pressed the back button" with Azure AD SAML?



Article ID: 283854


Updated On: 02-13-2024

Products

CloudHealth

Issue/Introduction

If an IDP-initiated connection returns an error page with the error text below, but signing in via https://apps.cloudhealthtech.com/login completes SSO successfully, you likely have a Sign on URL configured against the Enterprise App in Entra ID (Azure Active Directory).

Error Text: "You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator."



This is caused by the SAML connection having been created from the IDP Federation Metadata URL found under Setup -> Admin -> Single Sign On -> Identity Provider Data -> Metadata (marked in the screenshot below).

 

Creating the application from that Metadata endpoint populates the "Sign On URL" field under Azure Portal -> Entra ID -> Enterprise Applications -> (Select your Tanzu CloudHealth Enterprise application) -> Single Sign On -> Basic SAML Configuration (shown in the screenshot below).

To resolve the issue, remove this field and save the configuration. Once it is removed, you should be able to IDP-initiate the connection successfully.