Came across this very interesting post on SO:
Custom SSO With Azure Active Directory.
Note the IDPInitiated section:
"Finally, if your application expects IdP initiated SSO, construct a
canned SAML AuthNRequest and save it in a URL - when your organization's
users will click on this URL (canned SAML AuthNRequest) - they will get
redirected to Azure AD where they will sign-in and then the token will
be posted to the application's AssertionConsumerServiceURL - resulting
in the user getting signed in.
You can use the following tool to create a
Azure AD doesn't have an IDP Initiated endpoint so this is a neat little trick!
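The canned AuthNRequest described in the quote, as an added example (not code from the SO post): it builds a minimal unsigned request and wraps it in the SAML HTTP-Redirect binding to get a bookmarkable URL. The tenant ID, SP entity ID, ACS URL, request ID and timestamp are constructed placeholders, and the fixed IssueInstant assumes the IdP does not reject a stale value.

```python
import base64
import urllib.parse
import zlib
from xml.sax.saxutils import escape, quoteattr

# Assumed placeholder values (constructed for this example, not from the post).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
IDP_SSO_URL = f"https://login.microsoftonline.com/{TENANT_ID}/saml2"
SP_ENTITY_ID = "https://app.example.com/sp"
SP_ACS_URL = "https://app.example.com/saml/acs"
CANNED_ID = "id-canned-idp-initiated"      # fixed: the response's InResponseTo echoes it
CANNED_INSTANT = "2024-01-01T00:00:00Z"    # fixed: assumes the IdP tolerates a stale value


def build_authn_request(issuer, acs_url, destination):
    """Return a minimal unsigned SAML 2.0 AuthnRequest as an XML string."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
        f' ID={quoteattr(CANNED_ID)} Version="2.0"'
        f' IssueInstant={quoteattr(CANNED_INSTANT)}'
        f' Destination={quoteattr(destination)}'
        f' AssertionConsumerServiceURL={quoteattr(acs_url)}'
        ' ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{escape(issuer)}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def encode_redirect(xml):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def decode_redirect(value):
    """Inverse of encode_redirect, for inspecting an existing canned link."""
    return zlib.decompress(base64.b64decode(value), -15).decode()


def canned_sso_url(relay_state=None):
    """Build the bookmarkable URL that starts sign-in at the IdP."""
    params = {"SAMLRequest": encode_redirect(
        build_authn_request(SP_ENTITY_ID, SP_ACS_URL, IDP_SSO_URL))}
    if relay_state:
        params["RelayState"] = relay_state
    return f"{IDP_SSO_URL}?{urllib.parse.urlencode(params)}"


if __name__ == "__main__":
    print(canned_sso_url())
```

Because every response to this link carries the same InResponseTo value, the application cannot use request correlation to spot replays and has to rely on the assertion's own ID and validity window instead.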