SP-initiated vs. IdP-initiated SSO: key differences explained

SP-initiated Single Sign On (SSO) and IdP-initiated authentication are two methods of user authentication in the context of a Software as a Service (SaaS) application. In SP-initiated SSO, users initiate the authentication process by clicking on a login button within the application, which then sends an authentication request to the Identity Provider via the browser. This method is commonly used for consumer-facing apps and is the most common form of SSO for new WorkOS customers becoming Enterprise Ready. In IdP-initiated authentication, users first log into their Identity Provider and can then access various Service Providers by clicking on a button or link. Integrating SSO with WorkOS allows businesses to offer both SP-initiated and IdP-initiated authentication flows to their SaaS customers.