July 27, 2023 By Vladimir Atanasov

The IBM Cloud team is excited to announce IDP-initiated login for IBM Cloud App ID. With IDP-initiated login, customers have the option to click a button on their IDP dashboard, which sends an assertion file to the service provider (App ID) and starts an authentication session.

This feature is convenient for IT teams that consolidate many applications that use the same SSO provider under one dashboard. When using IDP-initiated login, some built-in security mechanisms in the SAML protocol are ignored, so we do not get the same level of trust as with SP-initiated login. Accepting an unsolicited assertion file opens the application to an injected assertion attack, in which an attacker steals a SAML assertion file generated by the IDP and injects it into a service provider.

App ID takes a different approach to IDP-initiated login: the service provider does not validate the assertion file, but instead starts an SP-initiated login that is triggered by the IDP-initiated one. Because the user already has a valid session with their IDP, they don’t have to log in again, and the browser redirects them back to their application with a valid access token.

Sequence diagram of IDP-initiated login in App ID.

Taking this approach allows customers to benefit from the convenience of an IDP-initiated login without exposing their applications to inherent risks.
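The flow described above can be sketched as follows. This is an added example, not App ID's own code: the `ServiceProvider` class, its method names and the `example.com` endpoints are hypothetical, and XML parsing and signature verification of the response are assumed to be done by a SAML library before `on_acs_post` is called.

```python
import base64, secrets, zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoints (assumptions for this example, not App ID values)
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://sp.example.com"
ACS_URL = "https://sp.example.com/acs"

class ServiceProvider:
    def __init__(self):
        self.pending = {}  # browser session id -> ID of the AuthnRequest issued for it

    def start_login(self, session_id):
        """Issue a fresh AuthnRequest (HTTP-Redirect binding) bound to this browser session."""
        request_id = "_" + secrets.token_hex(16)
        self.pending[session_id] = request_id
        now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
               f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{request_id}" '
               f'Version="2.0" IssueInstant="{now}" AssertionConsumerServiceURL="{ACS_URL}">'
               f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
        deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, as the binding requires
        packed = deflater.compress(xml.encode()) + deflater.flush()
        return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(packed).decode()})

    def on_acs_post(self, session_id, in_response_to, signature_ok):
        """in_response_to is the Response's InResponseTo attribute, None if unsolicited."""
        if in_response_to is None:
            # IDP-initiated click: the posted assertion is discarded, never validated or trusted.
            return ("redirect", self.start_login(session_id))
        expected = self.pending.pop(session_id, None)  # each request ID is accepted once
        if expected is None or expected != in_response_to:
            return ("reject", "response does not answer a request from this session")
        if not signature_ok:
            return ("reject", "signature or conditions check failed")
        return ("session", session_id)

def decode_authn_request(url):
    """Inverse of the redirect encoding, used to inspect what the SP sent."""
    packed = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return zlib.decompress(packed, -15).decode()
```

An assertion captured from one browser and posted from another fails the `pending` lookup, because the request ID it answers was never issued to that session.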

To get started with utilizing App ID’s IDP-initiated login functionality, visit our documentation.
