Start session from the Identity Provider


Overview

Users usually reach the Work Portal by opening its URL in a browser. If the environment uses integrated authentication with an external identity provider, Bizagi redirects the user to that identity provider's login page, for example, Azure AD. Users can also open Bizagi's Work Portal from the identity provider, that is, the authentication flow starts at the identity provider and ends with access to Bizagi's Work Portal.

Before You Start

This option is only available for the SAML 2.0 authentication protocol.

You must have configured the Work Portal with an identity provider using SAML 2.0. Refer to SAML authentication.

The identity provider must have an application hub.


SAML Identity Provider Initiated Flow

Your identity provider (IdP) can be integrated with several applications to centralize authentication. Some IdPs have an application hub from which all registered applications can be accessed. For example, Microsoft (using Azure AD) has an application hub at the following URL:

https://myapplications.microsoft.com/

In this example, Azure AD shows all the applications that the user can access with the same account.

[Image: SAML_idp_initiated_01]

If the user clicks the Bizagi application, the Work Portal of that application opens automatically, and the user does not have to enter login credentials again.

Note: The Identity Provider Initiated flow applies to Work Portal authentication only. Other portals from the Bizagi cloud offering, like the Customer Portal, cannot be accessed using this feature.

The Identity Provider Initiated flow is explained as follows:

[Image: SAML_idp_initiated_02]

With the Service Provider Initiated flow, on the other hand, the user must enter the Work Portal's URL in the browser and enter their credentials before gaining access to the Work Portal, as explained in the following image.

[Image: SAML_idp_initiated_03]

Other identity providers have their own application hub. For example, Okta's application hub is the Home page of the account, reached by adding this suffix to the URL:

/app/UserHome

[Image: SAML_idp_initiated_04]

Using ADFS, you can develop a portal as your application hub. Refer to Identity Provider Initiated using ADFS.
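
How the two flows described above differ from the service provider's side, as an added example (not Bizagi's code): a response from an Identity Provider Initiated login carries no InResponseTo attribute, so there is no pending request to match and the destination, audience, expiry and replay checks carry the weight. The URLs, IDs and the function name check_response are constructed for illustration, and XML signature validation is assumed to have been done already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsolicited Response (no InResponseTo attribute).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1"
    Destination="https://sp.example.test/saml2/acs">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData NotOnOrAfter="2030-01-01T00:05:00Z"
          Recipient="https://sp.example.test/saml2/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, acs_url, entity_id, pending, seen, now):
    """Return (flow, errors) for a Response whose signature was already verified."""
    root = ET.fromstring(xml_text)
    errors = []
    irt = root.get("InResponseTo")
    if irt is None:
        flow = "idp-initiated"      # unsolicited: no request ID to bind to
    else:
        flow = "sp-initiated"
        if irt not in pending:      # must answer a request this SP issued
            errors.append("unknown InResponseTo")
    if root.get("Destination") != acs_url:
        errors.append("wrong Destination")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return flow, errors + ["no assertion"]
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        errors.append("wrong Audience")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    exp = scd.get("NotOnOrAfter") if scd is not None else None
    if not exp or now >= datetime.strptime(exp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc):
        errors.append("expired")
    aid = assertion.get("ID")
    if aid in seen:                 # one-time use: reject a replayed assertion
        errors.append("replayed assertion")
    seen.add(aid)
    return flow, errors
```
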