Comment by rightbyte

16 hours ago

"click link that for whatever reason doesn't give you a permanent link you can bookmark for later"

Sounds like engagement hacking?

I think this is a weird SAML pattern I've seen before where e.g. Okta generates a URL that's like https://somevendor.com/SAML/somesignedbase64payload to do SSO, which is sort of the inverse of the more common approach of the page you're logging into sending you to the Auth provider after seeing your email domain.

  • This is just to make it an IdP-initiated flow (instead of an SP-initiated flow) and it's to prevent the extra hop back and forwards between Okta/IdP and the application.
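
An added example, not part of the thread: how a service provider can tell the two flows discussed above apart when a SAML response arrives. It relies on the SAML 2.0 `InResponseTo` attribute, which the comments do not mention; the function names and sample messages are constructed, and signature validation is assumed to be done separately.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


def classify_response(b64_response, pending_request_ids, allow_unsolicited=False):
    """Classify a base64 SAMLResponse as 'sp-initiated' or 'idp-initiated'.

    pending_request_ids: set of AuthnRequest IDs this SP issued and has not
    yet seen answered. Raises ValueError when the response must be rejected.
    Signature and condition checks are out of scope here (assumed elsewhere).
    """
    xml = base64.b64decode(b64_response, validate=True)
    # SAML messages never need a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # Unsolicited response: the IdP started the flow, so there is no
        # request to bind it to. Accept only if the SP opted in.
        if not allow_unsolicited:
            raise ValueError("unsolicited (IdP-initiated) response not accepted")
        return "idp-initiated"

    # SP-initiated: the response must answer a request we actually sent,
    # and each request may be answered only once.
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo does not match a pending AuthnRequest")
    pending_request_ids.discard(in_response_to)
    return "sp-initiated"


def make_sample(in_response_to=None):
    """Build a constructed, unsigned sample response for demonstration."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    pending = {"_req42"}
    print(classify_response(make_sample("_req42"), pending))
    print(classify_response(make_sample(), pending, allow_unsolicited=True))
```

Because an IdP-initiated response cannot be tied to a request, the service provider has one fewer check available for it, which is why accepting unsolicited responses is an explicit opt-in here.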