Enable Direct Sign-in from the Identity Provider: Introducing IdP-Initiated SSO

IdP-initiated SSO allows users to log in to your B2B SaaS application directly from their identity provider's (IdP) portal. This authentication flow, named after its initiation point, is convenient for users, who can reach several applications from one centralized location.

Scalekit now empowers your SaaS application to offer IdP-initiated SSO for your users. To mitigate security risks associated with the standard authentication flow, Scalekit provides a more secure approach by converting the incoming IdP-initiated request into an SP-initiated SSO flow.

Refer to the diagram below to see how Scalekit sends a JWT token containing the necessary information to generate the Authorization URL when an Identity Provider initiates an SSO flow to your application.

IdP-initiated SSO flow by Scalekit

Previously, when an IdP initiated SSO into your application, the required information was sent as plain query parameters in the Redirect URI. Now, with the introduction of JWT tokens, the information sent to your application is digitally signed and more secure. This JWT token is sent to the Redirect URI that’s registered for your application in the Scalekit dashboard.

Previously:

https://b2b-app.com/default-redirect-uri
  ?connection_id=conn_295814xxxx976519
  &id=req_31061547350491911
  &idp_initiated_sso=success
  &organization_id=org_294844xxxx065799
  &relay_state=http%3A%2F%2Flocalhost%3A8080


Now:

https://b2b-app.com/default-redirect-uri
  ?idp_initiated_login=<encoded_jwt_token>


Benefits:

This approach offers two key advantages:

  • Enhanced Security: Digitally signed JWT tokens provide stronger protection for information sent to your application, safeguarding against tampering attempts.
  • Seamless Experience: The integration process with Scalekit is now more uniform across features. Your application will handle user profile details and error scenarios in a consistent manner, aligning with its typical interactions with Scalekit.
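
Handling the new redirect on the application side, as an added example (not Scalekit's SDK or its documented token schema): it shows the signature, algorithm and expiry checks an application makes before trusting the `idp_initiated_login` value. It assumes an RS256-signed JWT whose claims mirror the earlier query parameters plus `exp`, and uses a locally generated key pair and a constructed token in place of the real issuer's.

```javascript
// Added example: constructed key pair and claims, not Scalekit's SDK or token schema.
const crypto = require("node:crypto");

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Stand-in for the issuer: signs a compact RS256 JWT (assumed algorithm).
function signToken(claims, privateKey) {
  const input = `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Application side: verify idp_initiated_login from the redirect URI, return its claims.
function readIdpInitiatedLogin(redirectUrl, publicKey, nowMs = Date.now()) {
  const token = new URL(redirectUrl).searchParams.get("idp_initiated_login");
  if (!token) return null; // ordinary request, not IdP-initiated
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (dec(h).alg !== "RS256") throw new Error("unexpected alg");
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, "base64url"));
  if (!valid) throw new Error("bad signature");
  const claims = dec(p); // parsed only after the signature checks out
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= nowMs) throw new Error("expired");
  return claims;
}

// Constructed sample: claim names mirror the old query parameters (an assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sampleClaims = {
  connection_id: "conn_295814xxxx976519",
  organization_id: "org_294844xxxx065799",
  relay_state: "http://localhost:8080",
  exp: Math.floor(Date.now() / 1000) + 300,
};
const base = "https://b2b-app.com/default-redirect-uri?idp_initiated_login=";
const goodUrl = base + signToken(sampleClaims, privateKey);

// Tampering: swap the payload for another organization but keep the old signature.
const [hdr, , sig] = signToken(sampleClaims, privateKey).split(".");
const forgedUrl = `${base}${hdr}.${enc({ ...sampleClaims, organization_id: "org_other_tenant" })}.${sig}`;

console.log(readIdpInitiatedLogin(goodUrl, publicKey).organization_id);
try { readIdpInitiatedLogin(forgedUrl, publicKey); } catch (e) { console.log("rejected:", e.message); }
```

With the plain query parameters shown under "Previously", the same `organization_id` swap would have reached the application unchanged.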

Next Steps:

Explore our comprehensive implementation guide for step-by-step instructions on implementing IdP-initiated SSO while ensuring robust security for your users.
