feat: Guide - IdP-Initiated SAML SSO

[tamalchowdhury]

Description (required)

Adds a new guide to the enterprise connections section: IdP-initiated SAML SSO

Related issues & labels (optional)

• Closes #
• Suggested label:

Summary by CodeRabbit

• Documentation
  • Clarified Service Provider vs Identity Provider-initiated SSO concepts across authentication documentation.
  • Added comprehensive guide for IdP-initiated SAML SSO configuration, setup steps, and troubleshooting.
  • Updated error code 6722 guidance to reference IdP-initiated SSO setup documentation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Documentation updates and additions to enterprise connections and SSO authentication guides. Two existing enterprise connection documentation pages are updated to clarify service provider versus identity provider initiated SSO flows. A new comprehensive documentation page for IdP-initiated SAML SSO configuration is added, and error code documentation is updated to reference both SSO flow types.

Changes

Cohort / File(s)	Summary
Enterprise Connections Documentation Updates src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx, src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx	Updated metadata timestamps (2025-01-16 → 2025-12-19). Replaced section titles and rewrote content to clarify default SP-initiated SSO behavior and introduce IdP-initiated SSO with links to new detailed documentation.
New IdP-initiated SAML SSO Documentation src/content/docs/authenticate/enterprise-connections/idp-initiated-saml-sso.mdx	New comprehensive documentation page covering IdP-initiated SAML SSO setup, configuration, testing, troubleshooting, and security best practices for both environment-level and organization-level SAML enterprise connections.
Error Code Documentation src/content/docs/get-started/guides/error-codes.mdx	Updated error code 6722 description to clarify IdP-initiated SSO misconfiguration support for both SP-initiated and IdP-initiated flows, with added troubleshooting guidance.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• The new IdP-initiated SAML SSO page is substantial and comprehensive—verify technical accuracy of setup steps, configuration details, and troubleshooting sections
• Cross-reference consistency: ensure the terminology and concepts ("SP-initiated" vs "IdP-initiated") align consistently across the three updated/new documentation files
• Verify all referenced links (e.g., links added to the new IdP documentation page) are valid and point to correct resources

Poem

🐰 SSO flows now crystal clear,
Service Provider leads, then IdP cheer,
Two paths converge in SAML's dance,
With docs so deep, authentication's chance! 🔐✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main addition to the PR—a new guide for IdP-Initiated SAML SSO—which is accurately reflected in the comprehensive new documentation page added and the updates to related enterprise connection documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tamal/feat/idp-initiated-saml-sso

---

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2e4180c and e658297.

📒 Files selected for processing (4)

• src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (2 hunks)
• src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx (2 hunks)
• src/content/docs/authenticate/enterprise-connections/idp-initiated-saml-sso.mdx (1 hunks)
• src/content/docs/get-started/guides/error-codes.mdx (1 hunks)

🧰 Additional context used

🪛 LanguageTool

src/content/docs/get-started/guides/error-codes.mdx

[grammar] ~163-~163: Ensure spelling is correct
Context: ...ooting - Check that the settings in the Kinde enterprise connection are correct - Che...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (14)

src/content/docs/get-started/guides/error-codes.mdx (2)

160-160: LGTM!

The updated description provides clear guidance distinguishing SP-initiated (default) and IdP-initiated SSO flows, with an appropriate link to the detailed configuration guide.

---

165-165: LGTM!

The additional troubleshooting step for IdP-initiated SSO is practical and will help users diagnose ACS URL configuration issues.

src/content/docs/authenticate/enterprise-connections/idp-initiated-saml-sso.mdx (8)

1-25: LGTM!

The frontmatter metadata is comprehensive and well-structured. The complexity level (advanced), audience targeting (developer, enterprise-admin, security-engineer), and keywords are appropriate for IdP-initiated SAML SSO documentation.

---

27-48: LGTM!

The introduction clearly explains IdP-initiated SSO, contrasts it with SP-initiated flows, and provides a helpful step-by-step breakdown of the authentication flow. The prerequisites are well-defined and appropriate.

---

50-78: LGTM!

The setup instructions clearly distinguish between environment-level and organization-level connections. The warning about verified domain requirements for organization-level connections is helpful.

---

81-129: LGTM!

The configuration details are comprehensive and technically accurate. The default attribute mappings use standard SAML claim URIs, and the provisioning options are clearly explained. The inclusion of home realm discovery and sign-in button behavior is helpful for understanding the user experience.

---

131-155: LGTM!

The IdP configuration steps are clear and comprehensive. The note about IdP-initiated SSO support varying by provider is an important caveat, and the instructions for completing the setup in Kinde are straightforward.

---

157-171: LGTM!

Testing both SP-initiated and IdP-initiated flows is essential. The testing instructions are clear and cover the key verification points for each flow type.

---

172-185: LGTM!

The troubleshooting table covers common SAML configuration issues with practical solutions. The reference to the comprehensive error codes documentation is helpful for additional troubleshooting scenarios.

---

187-198: LGTM!

The security best practices are technically accurate and important. The recommendation to prefer SP-initiated SSO when possible is correct—SP-initiated flows include additional security validations (InResponseTo, state/nonce) that IdP-initiated flows cannot provide. The guidance to enable IdP-initiated SSO only when specifically required by enterprise customers is sound security advice.

src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx (2)

19-19: LGTM!

The metadata timestamp update appropriately reflects the content changes in this PR.

---

72-76: LGTM!

The updated section heading and content clearly distinguish SP-initiated (default) and IdP-initiated SSO flows. The link to the detailed IdP-initiated SAML SSO documentation provides users with additional guidance when needed.

src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (2)

22-22: LGTM!

The metadata timestamp update appropriately reflects the content changes in this PR.

---

102-108: LGTM!

The updated section heading and content provide clear context for B2B scenarios. The distinction between SP-initiated (default) and IdP-initiated SSO flows is well-explained, with an appropriate link to the detailed configuration guide.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying kinde-docs-preview with    Cloudflare Pages

Latest commit:	e658297
Status:	✅  Deploy successful!
Preview URL:	https://d3427efc.kinde-docs-preview.pages.dev
Branch Preview URL:	https://tamal-feat-idp-initiated-sam.kinde-docs-preview.pages.dev

View logs

[alex72508]

New page looks good to me.