IdP-initiated SSO allows users to log into your B2B SaaS application directly from their identity provider's (IdP) portal. This authentication flow, named after its initiation point, offers significant convenience: users can access several applications from one centralized location.
Scalekit now empowers your SaaS application to offer IdP-initiated SSO to your users. To mitigate the security risks associated with the standard IdP-initiated flow, Scalekit takes a more secure approach: it converts the incoming IdP-initiated request into an SP-initiated SSO flow.
Refer to the diagram below to see how Scalekit sends a JWT token containing the necessary information to generate the Authorization URL when an Identity Provider initiates an SSO flow to your application.
Previously, when an IdP initiated SSO into your application, the required information was sent as plain, unsigned query parameters on the Redirect URI. Now, with the introduction of JWT tokens, the information sent to your application is digitally signed, so your application can detect tampering. This JWT token is sent to the Redirect URI that’s registered for your application in the Scalekit dashboard.
Previously:
https://b2b-app.com/default-redirect-uri
?connection_id=conn_295814xxxx976519
&id=req_31061547350491911
&idp_initiated_sso=success
&organization_id=org_294844xxxx065799
&relay_state=http%3A%2F%2Flocalhost%3A8080
Now:
https://b2b-app.com/default-redirect-uri
?idp_initiated_login=<encoded_jwt_token>
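The handler below is an added illustration, not Scalekit's SDK or documented code: it receives the idp_initiated_login JWT on the Redirect URI, verifies it, and only then builds the Authorization URL that starts the SP-initiated flow. It assumes an HS256 token with a constructed demo key (a real deployment verifies with the key material Scalekit publishes for your environment) and assumes the parameter names on the Authorization URL.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo secret so the example runs offline; never hard-code a real key like this.
DEMO_SIGNING_KEY = b"demo-signing-key-not-for-production"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def mint_demo_token(claims: dict, key: bytes = DEMO_SIGNING_KEY) -> str:
    """Test fixture only: an HS256 JWT standing in for the one Scalekit sends."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_idp_initiated_token(token: str, key: bytes = DEMO_SIGNING_KEY) -> dict:
    """Check algorithm, signature, expiry and required claims; raise ValueError otherwise."""
    header_b64, body_b64, sig_b64 = token.split(".")  # ValueError unless three segments
    # Pin the algorithm: the token must not get to choose "none" or a weaker alg.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # a modified query parameter now fails closed
    claims = json.loads(b64url_decode(body_b64))
    if "exp" in claims and time.time() >= claims["exp"]:
        raise ValueError("token expired")
    for name in ("connection_id", "organization_id"):
        if name not in claims:
            raise ValueError(f"missing claim {name}")
    return claims

def build_authorization_url(redirect_hit: str, authorize_endpoint: str, client_id: str,
                            key: bytes = DEMO_SIGNING_KEY) -> str:
    """Handle the Redirect URI request: verify idp_initiated_login, then start an
    SP-initiated flow from the verified claims (Authorization URL parameter names assumed)."""
    token = parse_qs(urlparse(redirect_hit).query).get("idp_initiated_login", [None])[0]
    if token is None:
        raise ValueError("no idp_initiated_login parameter")
    claims = verify_idp_initiated_token(token, key)
    query = {"client_id": client_id, "response_type": "code",
             "connection_id": claims["connection_id"], "organization_id": claims["organization_id"]}
    if "relay_state" in claims:
        query["state"] = claims["relay_state"]  # carry the IdP's relay state through the flow
    return f"{authorize_endpoint}?{urlencode(query)}"
```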
Benefits:
This approach offers two key advantages:
- Enhanced Security: Digitally signed JWT tokens provide stronger protection for information sent to your application, safeguarding against tampering attempts.
- Seamless Experience: The integration process with Scalekit is now more uniform across features. Your application will handle user profile details and error scenarios in a consistent manner, aligning with its typical interactions with Scalekit.
Next Steps:
Explore our comprehensive implementation guide for step-by-step instructions on implementing IdP-initiated SSO while ensuring robust security for your users.
Schedule a demo with Scalekit today.