Streamlining Access to Embedded Ardoq Content with Autologin

Autologin is a feature to seamlessly log your users into Ardoq, bypassing our standard login page and engaging with the wider organization more effectively.

Login is a friction point for engagement, especially for embedded assets. When embedding in Sharepoint, Confluence, or other internal portals, you want your users to see the value of your Ardoq insights as easily as possible. Autologin avoids having to train your users which SSO button to click, and grants them access to your insights securely and easily.

This also alleviates the requirement to use public presentations, which are a risk to data security. One of the primary reasons to use public presentations is to share insights without the requirement of logging into Ardoq. Autologin alleviates this pain point significantly.

Requirement: A single working SSO identify provider integration. We don’t currently support using autologin with multiple SSO providers. If you’d like to request this functionality, please do so here.

Once enabled, users who navigate to Ardoq (or are shown assets in Ardoq through an embedded iframe) will be forwarded directly to your SSO provider instead of being shown the Ardoq login page:

Simply navigate to Access Control -> Login settings -> Autologin and enable the toggle!

Autologin doesn’t remove any security controls – it simply eases your users through the login flow with the least amount of friction. You have the same amount of security controls that you already do with SSO!

Yes! This is SSO agnostic and protocol agnostic. Autologin will support any SSO provider which the Ardoq platform already supports.

From an end-user perspective, they should just get access to Ardoq faster and more easily than they were able to before. There is no additional indicator that the functionality has been enabled. However, see the section below on a mechanism we’ve added to avoid confusing behaviour introduced by autologin.

Certain identity providers (e.g. Microsoft EntraID) limit the ability to show their login pages in an iframe for security reasons (e.g. to prevent clickjacking or phishing attacks). To support these login flows, we open your SSO's login page in a new tab. When autologin is enabled, these tabs are automatically opened.

Therefore, when using one of these identity providers and viewing content embedded in an iframe, a new tab will open automatically (if you're not logged into Ardoq already then) to proceed with the login flow.

There are some legitimate reasons to want to go to Ardoq’s login page – perhaps you want to login using your username/password, or you want to reset your password. Autologin tries to make the smart decision here – it will redirect each browser client once, but to avoid infinite redirects (e.g. clicking the “Back” button and getting re-forwarded over and over again) it will allow users to navigate back again. Once a user logs into Ardoq (or their SSO) successfully, this mechanism will be reset and re-trigger the next time they come back to Ardoq.

Therefore you might occasionally still be shown the login screen if, for example, you didn’t successfully complete a login with your SSO provider and navigated away. The next time you return to Ardoq, you may see the Ardoq login screen until you successfully authenticate again.

When you have multiple providers, it can be hard to know which SSO to send each user to. If you’d like to request this functionality, please do so here!