IdP-initiated SAML allows users to click a button within the SAML provider's dashboard, which then launches the CloudSploit application. CloudSploit does not have native support for IdP-initiated SAML; however, we do have a simple workaround.


CloudSploit's SSO sign-in page allows you to pass a connection name that is unique to your company's application. Using this link, you can create a "bookmark" application within your SAML provider. This feature is supported by most providers, including Okta and OneLogin.


The setup will consist of the following:


1. A standard SAML 2.0 application configured using the setup defined here.

2. A second, "bookmark" application that sends users to the /sso entry point, which kicks users back into the first application's SAML flow.


To configure this flow, please follow these steps:


1. Create the first application by following the onboarding steps and working with CloudSploit support.

2. Ensure you can log in via the standard SAML page: https://cloud.aquasec.com/sso

3. Once you've verified that you can, ask CloudSploit Support for your unique login link. We will provide a /sso URL with a parameter specific to your organization that will send your users straight to your SAML provider login without having to type their email addresses.

4. Create a new "bookmark" application and paste the provided link.

5. When users click the bookmark application from within the provider dashboard, they will be redirected to the custom CloudSploit /sso endpoint, which will then initiate the SAML flow.

6. Optionally, you can hide the first application from the provider dashboard so users can only click the bookmark application.


If you have any questions, please contact support.