In self-service SAML configuration on auth0, you allow your users to create SAML configuration, so they can set up their Idp (identity provider). When that’s set up, users can access your app, service provider (auth0) communicates with the IdP (e.g., Okta), and the IdP provides the login screen — that’s service provider-initiated flow. However, with IdP-initiated flow, the flow starts from IdP. When the IdP authenticates the user, it communicates to the SP to access the app. This might cause an error if that flow isn’t enabled in the SP settings.