Supporting IDP-Initiated SAML Login

Configure your SSO to support Ardoq login from your dashboard tiles when using SAML as your login method.

Written by David Russell
Updated over a week ago

⚠️ Ardoq does not support IDP-initiated SAML login for security reasons. However, by following the steps in this article you can achieve similar results.

What is IDP-Initiated login?

There are generally two types of SSO login: those initiated from the service provider (in this case, Ardoq) and those initiated from your IDP (which could be Azure AD, Okta, OneLogin, etc). These are illustrated below.

Service Provider-initiated login:

By clicking on Sign in with SAML from the Ardoq home page, you initiate an SSO login flow from Ardoq (the service provider).

IDP-initiated login:

By clicking on one of the application tiles in your SSO (Okta, Azure AD, OneLogin, etc), you trigger an IDP-initiated login.

Why doesn't Ardoq support IDP-initiated SAML login?

SAML-based IDP-initiated login has known security problems and poses a risk to the security of your authentication. For this reason, Ardoq does not support IDP-initiated login via SAML. However, it is possible to mimic this approach and achieve both good security guarantees and a positive UX for your users.
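A commonly cited weakness of IDP-initiated SAML is that the response is unsolicited: it carries no InResponseTo value, so a service provider cannot tie it to a login request it issued. The following Python example is an added illustration of that general SAML check, not Ardoq's code and not part of the original article; the PendingRequests store, the make_response helper and the sample messages are constructed for the example.

```python
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class PendingRequests:
    """AuthnRequest IDs this SP issued for one browser session (hypothetical store)."""
    def __init__(self):
        self._ids = set()

    def issue(self):
        # The ID travels to the IdP in the AuthnRequest and comes back as InResponseTo.
        request_id = "_" + secrets.token_hex(16)
        self._ids.add(request_id)
        return request_id

    def consume(self, request_id):
        # One-time use: a second response carrying the same ID is refused.
        if request_id in self._ids:
            self._ids.remove(request_id)
            return True
        return False

def make_response(in_response_to):
    """Constructed sample samlp:Response (no assertion or signature) for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp1" Version="2.0"{attr}/>'

def check_response_binding(response_xml, pending):
    # Binding check only. A real SP also verifies the signature, audience and
    # validity window, and parses untrusted XML with a hardened parser.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return "reject: not a samlp:Response"
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        return "reject: unsolicited (IdP-initiated) response"
    if not pending.consume(in_response_to):
        return "reject: InResponseTo does not match a pending request"
    return "accept: bound to request " + in_response_to

if __name__ == "__main__":
    pending = PendingRequests()
    solicited = make_response(pending.issue())   # SP-initiated flow
    print(check_response_binding(solicited, pending))
    print(check_response_binding(solicited, pending))            # replayed
    print(check_response_binding(make_response(None), pending))  # IdP-initiated
```

A bookmark tile that opens the SP-initiated URL means every login starts with an issued request ID, so a check of this kind has something to match against.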

Solution: Bookmark Tiles

Okta has a useful help article on setting up a bookmark which links to the Ardoq application. This pattern can be followed in most identity providers. The principle is simply to create a tile in your identity provider which contains a direct link to the SP-initiated login flow URL.

In this case, the bookmark link will be https://<subdomain>.ardoq.com/saml/v2, where <subdomain> depends on your environment. For example:

  • https://my-org.ardoq.com/saml/v2 (if EU-based)

  • https://my-org.us.ardoq.com/saml/v2 (if US-based)

  • https://my-org.uae.ardoq.com/saml/v2 (if UAE-based)

  • https://my-org.au.ardoq.com/saml/v2 (if AU-based)

This will seamlessly forward your users into a service-provider initiated login flow, preserving both improved security and a frictionless UX.

Important:

This will require you to assign both the Ardoq SAML application as well as the bookmark tile to your users. It is then recommended that the SAML application tile be hidden from the homepage, so that all users are guided to the bookmark tile instead.
