We go about it in what sounds like much the same way. The SSO redirects users to the IDP for authentication, and we then provide end users with links that include the return action and the desired content. For example:

https://chris.thoughtindustries.com/access/saml/login/chris-pano-slug/?returnTo=/learn/article/challenger-introduction

When a user follows this link, they are redirected to their SSO for authentication and then taken directly to the specified content. As long as the user remains logged in, they can continue using direct SSO URLs without needing to login through the IDP each time.

Since we use Panorama’s for all our clients we leverage the API to list all the content that has been made available and then generate a SSO deep link URL for each item via a scripted process.  

@Christopher.Hernley This is what we want to do. Can you speak more to exactly how that link is created? Did someone on your engineering team set up something internally that creates that SSO link for the content? 
I am missing something in my understanding of how the link is created behind the scenes! 

Making a handful of them manually isn't hard once you have the base, but your probably want to involve your Engineering team if you try to generate a full list of everything you have on your site.

I tried to break this out a bit more below with colors hope it helps

https://chris.thoughtindustries.com/access/saml/login/chris-pano-slug/?returnTo=/learn/article/challenger-introduction

1. https://chris.thoughtindustries.com/ = this is your base URL for your site - it would be the same every time
2. access/saml/login/ = this tells Ti to send the user though the SAML consumer and to the SSO login - it would be the same every time
3. chris-pano-slug/ = the panorama slug which is based off the Pano name you set in the system and would be the same for all SSO URLS for that Pano. It can be accessed in a few ways though I usually go to the  Pano SSO settings, expand the SMAL 2.0 Settings, click “Download SP Metadata” and grab what is at the end of the address bar after /metadata

   1. 

4. ?returnTo= = this will send the user back to whatever portion of the Ti platform you want to redirect them to - it will always stay the same. 
5. /learn/article/challenger-introduction = this is a portion of the Current URL which appears at the bottom of step 5 Release when editing any content item. You’ll only need the /learn… portion of it. It is a combination of the content type and content details slug.

We opted for the “generator route” using the API List Content  since each of our Panos gets different content so we didn't want to work off a single list of all content on the site. It involves making API requests and collecting the responses to output them to a csv file for easy distribution. If you go this route I would certainly recommend getting Engineering involved.  

Hopefully this didn't confuse you too much but I’m happy to hop on a short call if you like as I also set up the generation for the full list. 

​@Christopher.Hernley 
This is SUPER helpful. I am not sure I am grabbing the right slug though. We aren’t exclusively using SSO for access...some of our users continue to have to create a login to access content. 

I’d love to meet and chat if you have a few minutes! I am on EST (East Coast of US) and am available this afternoon at 3 pm or tomorrow anytime except 11-11:30. lisa.rollins@uniteus.com 

Thank you!