The IBM Cloud team is excited to announce IDP-initiated login for IBM Cloud App ID. With IDP-initiated login, customers have the option to click a button on their IDP dashboard, which sends an assertion file to the service provider (App ID) and starts an authentication session.

This feature is convenient for IT teams that consolidate many applications using the same SSO provider under one dashboard. With IDP-initiated login, however, some of the SAML protocol's built-in safeguards are bypassed (the service provider never issued the request that the assertion answers, so it cannot tie the assertion to a login it started), and the result does not earn the same level of trust as SP-initiated login. Accepting an unsolicited assertion exposes the application to an injected assertion attack, in which an attacker steals a SAML assertion generated by the IDP and injects it into a service provider.

App ID takes a different approach to IDP-initiated login: the service provider does not validate or consume the unsolicited assertion, but instead starts an SP-initiated login that is triggered by the IDP-initiated one. Because the user already has a valid session with their IDP, they do not have to log in again, and the browser redirects them back to their application with a valid access token.

Sequence diagram of IDP-initiated login in App ID.

Taking this approach allows customers to benefit from the convenience of an IDP-initiated login without exposing their applications to inherent risks.
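The approach described above, as an added example that is not App ID's own code: an assertion consumer service (ACS) handler that refuses to consume a SAML response it did not solicit and instead sends the browser into an SP-initiated login. The entity IDs, URLs and the in-memory request store are assumptions for the example.

```python
# Added example (not App ID's code). Unsolicited (IDP-initiated) SAML responses
# are never consumed; the SP answers them by starting its own SP-initiated login.
import base64
import secrets
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical SP configuration and IDP SSO endpoint (placeholders).
SP_ENTITY_ID = "https://sp.example.com/metadata"
ACS_URL = "https://sp.example.com/acs"
IDP_SSO_URL = "https://idp.example.com/sso"


def build_authn_request_url(outstanding_requests):
    """Create an SP-initiated AuthnRequest and return its HTTP-Redirect URL.
    The request ID is recorded so the ACS can later match InResponseTo."""
    request_id = "_" + uuid.uuid4().hex
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
           f'AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    outstanding_requests[request_id] = issue_instant
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(xml.encode()) + compressor.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": secrets.token_urlsafe(16)})
    return f"{IDP_SSO_URL}?{query}"


def handle_acs(saml_response_b64, outstanding_requests):
    """Decide what to do with a SAML response posted to the ACS.
    Returns ("redirect", url) for unsolicited responses, ("verify", root) otherwise."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    in_response_to = root.get("InResponseTo")
    if in_response_to is None or in_response_to not in outstanding_requests:
        # IDP-initiated (or replayed): do not validate or consume this assertion.
        # Start an SP-initiated login; the user's existing IDP session keeps it seamless.
        return "redirect", build_authn_request_url(outstanding_requests)
    # Solicited response: retire the one-time request ID (blocks replay) and hand
    # the document to full validation (signature, audience, conditions, timestamps).
    del outstanding_requests[in_response_to]
    return "verify", root
```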

To get started with utilizing App ID’s IDP-initiated login functionality, visit our documentation.

Get started with IBM Cloud App ID
