Running DeepLink under a SAML/SSO users role

We are trying to implement SAML/SSO with DeepLink. We installed and configured SAML and it appears to be working as needed. When we navigate to we get the Active Directory user’s home page as expected. We also set up a deeplink so that the AD user can hyperlink to a specific item on a specific page. The deeplink is set to Allow guests = true.

When I navigate to the deeplink at ‘’, the deeplink microflow runs as expected. However, at this point I would expect $currentUser to be the AD user’s account with the microflow running under that account’s role. Instead, $currentUser/IsAnonymous=true and $currentUser/Name=‘Anonymous_85e…’. But the Mendix log shows the message “SAML_SSO: Success: Successful sign on:”.

How do I get a deeplink to microflow to run under the SSO/AD user’s role?

Edited to add: I set the role-based home page to a microflow that runs DeepLinkHome. When I navigate to the deeplink URL I am first shown page login.html. After logging in I finally get the expected deeplink page. I need to bypass this unnecessary login page. Is there a configuration constant in either DeepLink or SAML that needs to be set up?

These are my current settings:

This is my role-based microflow:

1 answer

We resolved this with the help of Mendix Support. They recommended a couple of config changes:

1) Set the value of the DeepLink.LoginLocation to /sso/login?f=true&cont=, so you get redirected to the correct login handler.
2) Set the com.mendix.core.SameSiteCookies custom runtime setting to Lax, so the session cookie is sent to the Mendix runtime after a successful sign in with the IdP.

That got it working for us. Your mileage may vary.
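
Added example, not part of the original answer or of Mendix code: a simplified model of the browser's SameSite rules, showing why a session cookie set during the IdP round trip is withheld under Strict but attached under Lax on the redirect back to the deep link. The hostnames, the two flow steps and the naive site comparison are assumptions made for illustration.

```javascript
// Simplified model of a browser's SameSite check (RFC 6265bis rules).
// Hostnames and the flow steps below are constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Naive "site" = last two DNS labels; real browsers use the Public Suffix List.
function siteOf(host) {
  return host.split(".").slice(-2).join(".");
}

// Decide whether a cookie with the given SameSite value is attached.
// req: { method, targetHost, initiatorHost, topLevelNavigation }
function cookieIsSent(sameSite, req) {
  const crossSite = siteOf(req.initiatorHost) !== siteOf(req.targetHost);
  if (!crossSite) return true; // same-site requests always carry the cookie
  switch (sameSite) {
    case "None": return true; // real browsers also require Secure
    case "Lax": return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    case "Strict": return false;
    default: throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed flow: the IdP posts the SAML response to the app, the app
// sets its session cookie and redirects the browser to the deep link.
// The navigation was started by the IdP page, so it stays cross-site.
const afterSignIn = [
  { step: "IdP POSTs SAML response", method: "POST",
    targetHost: "app.example.com", initiatorHost: "idp.example.org",
    topLevelNavigation: true },
  { step: "redirect to deep link", method: "GET",
    targetHost: "app.example.com", initiatorHost: "idp.example.org",
    topLevelNavigation: true },
];

// Returns, per step, whether the session cookie would be attached.
function traceFlow(sameSite) {
  return afterSignIn.map((r) => ({ step: r.step, sent: cookieIsSent(sameSite, r) }));
}

for (const mode of ["Strict", "Lax"]) {
  console.log(mode, traceFlow(mode));
}
```

Under Lax the cookie still is not attached to the cross-site POST itself, only to the top-level GET that follows it.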