As an end user, once I want to authenticate at a designated website of the IAM Server (Identity Provider) and then then access protected resources on remote sites that trust my successful authentication with IAM server, without having to re-enter my credentials. I want to access the resources to which my role is authorized.

Notes: Require Support for SAML 2.0 IdP-Initiated SSO Profile