I think this is a weird SAML pattern I've seen before where e.g. Okta generates a URL that's like https://somevendor.com/SAML/somesignedbase64payload to do SSO, which is sort of the inverse of the more common approach of the page you're logging into sending you to the Auth provider after seeing your email domain.
