What is the best access method for the NetOps portal: SP-initiated, IDP-initiated, or both?

Article ID: 381396

Updated On:

Products

Network Observability

Issue/Introduction

We are implementing Single Sign-On (SSO) for our NetOps Portal and would like guidance on the recommended access method. Should we configure SP-initiated, IDP-initiated, or both methods for optimal access?

Environment

DX NetOps Performance Management, DX NetOps Network Flow Analysis

Cause

Selecting the appropriate access method—SP-initiated, IDP-initiated, or both—depends on the organization’s user access patterns and centralized authentication setup.

Each method offers distinct workflows and benefits, and the choice will influence the user experience and access flow for the NetOps Portal.

Resolution

When enabling Single Sign-On (SSO) for the NetOps Portal, you can choose from two access methods: SP-initiated and IDP-initiated. Each method offers unique benefits depending on how your users typically access the portal. Here’s a breakdown of each, including use cases and examples, to help determine the best approach:

1. SP-Initiated SSO (Service Provider-Initiated)

  • How It Works: In an SP-initiated setup, users start by going directly to the NetOps Portal (the Service Provider). If they are not already authenticated, the portal redirects them to the Identity Provider (IDP) for login.
  • Use Case: This approach is ideal when users commonly start by accessing the NetOps Portal directly, such as from a bookmarked link, or when accessing a single application independently.
  • Example: A network engineer needs to access the NetOps Portal to monitor real-time traffic. They navigate directly to the portal’s URL, which triggers a redirect to the IDP for login. After authenticating, they are automatically taken back to the portal without additional steps.

2. IDP-Initiated SSO (Identity Provider-Initiated)

  • How It Works: In IDP-initiated SSO, users start by logging in through a central Identity Provider dashboard or company portal. From there, they select the NetOps Portal (or any other application they need), and the IDP sends an authentication assertion directly to the portal, granting them access.
  • Use Case: This method is preferred in organizations with a central login portal where users can access multiple applications from one place. It simplifies login by allowing users to authenticate once and then access various services without re-entering credentials.
  • Example: An employee starts their day by logging into the company’s main SSO dashboard. From there, they select the NetOps Portal among other tools. The IDP authenticates them and provides immediate access to the portal without needing a separate login.

3. Supporting Both SP and IDP-Initiated SSO

  • How It Works: Supporting both methods allows flexibility, enabling users to either go directly to the NetOps Portal (SP-initiated) or access it from a centralized IDP dashboard (IDP-initiated).
  • Use Case: This approach is beneficial if your organization has a mix of user workflows. Some users may prefer going directly to the NetOps Portal, while others may use a central dashboard to access all applications.
  • Example: Some users might access the NetOps Portal directly from their devices, while others prefer logging in once through a main SSO portal. With both options enabled, all users can access the portal seamlessly in the way that best suits them.
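The SP-side difference between the two flows, as an added example (not from this article or the product): assuming the SSO protocol is SAML 2.0, an SP-initiated response carries an `InResponseTo` value matching a request the portal issued, while an IDP-initiated response is unsolicited and has none. The function, exception, and variable names are hypothetical, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


class ResponseRejected(Exception):
    """Raised when a response does not fit the enabled access method(s)."""


def classify_response(response_xml, pending_request_ids, allow_idp_initiated):
    """Return 'sp-initiated' or 'idp-initiated', or raise ResponseRejected.

    pending_request_ids: set of AuthnRequest IDs the portal issued and has
    not yet seen answered (hypothetical per-session store).
    Signature, audience, and validity-window checks are still required on
    every response and are outside this example.
    """
    # Production code should parse untrusted XML with a hardened parser.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ResponseRejected("not a SAML Response element")

    in_response_to = root.get("InResponseTo")
    if in_response_to is not None:
        # SP-initiated: must answer a request we actually sent, exactly once.
        if in_response_to not in pending_request_ids:
            raise ResponseRejected("InResponseTo matches no outstanding request")
        pending_request_ids.discard(in_response_to)
        return "sp-initiated"

    # No InResponseTo: unsolicited, i.e. IDP-initiated.
    if not allow_idp_initiated:
        raise ResponseRejected("unsolicited response, IDP-initiated is disabled")
    return "idp-initiated"


# Constructed sample responses (unsigned, attributes trimmed for brevity).
SOLICITED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" InResponseTo="_req42"/>'
UNSOLICITED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2"/>'

if __name__ == "__main__":
    pending = {"_req42"}
    print(classify_response(SOLICITED, pending, allow_idp_initiated=True))
    print(classify_response(UNSOLICITED, pending, allow_idp_initiated=True))
```

With both methods enabled, the portal accepts responses it never requested, so the signature, audience, and validity checks on the assertion itself carry more weight.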

Summary

Choose SP-initiated if direct access to the NetOps Portal is most common, IDP-initiated if users typically start at a central SSO portal, or both to offer maximum flexibility based on user needs.

Once you’ve identified the approach that aligns with your organization’s workflow, proceed with configuring the selected SSO setup. For additional questions on this topic, please open a new support case. We’re here to assist.